Hi Eliezer,

Thanks for your answer:

> well this is one of the big problems of the conntrack thingy..
> what you can try is also to change the tcp to:
> sysctl net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
> because it might be causing the problem of such a huge amount of connection
> tracking size.
> the basic size is 120 minutes which can cause a lot of troubles in many cases
> of open connections.
> and by the way.. do you really have 155K connections? it seems like too
> much.
>
> hope to hear more about the situation.
>
> Regards Eliezer

[Nataniel Klug]

So Eliezer, I don't think I have 155k connections. Most of them are FIN_WAIT1 (about 35~45k). I have 1000 pppoe clients behind this squid box, so even if each of them had 50 connections, I would have 50k. I think closing really fast can solve the problem. I set it to close in 5 minutes and I will give it a try right now.

Regards,
Nataniel Klug
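
Added example, not part of the original message: one way to measure how the conntrack table is split across TCP states before and after changing a timeout. The function name, the sample entries and their addresses are constructed for illustration; it assumes the usual `tcp 6 <ttl> <STATE> ...` entry layout of the conntrack proc file.

```shell
#!/bin/sh
# Tally TCP conntrack entries by state. Reads table text on stdin and prints
# "<STATE> <entries> <largest remaining timeout in seconds>", busiest first.
# Accepts the legacy layout ("tcp 6 <ttl> <STATE> ...") and the nf_conntrack
# layout ("ipv4 2 tcp 6 <ttl> <STATE> ..."); non-TCP entries are skipped.
# State names are the ones the conntrack table prints (FIN_WAIT, TIME_WAIT...).
conntrack_tcp_states() {
    awk '
    {
        for (i = 1; i + 3 <= NF; i++) {
            if ($i == "tcp" && $(i + 1) == "6") {
                ttl = $(i + 2) + 0
                state = $(i + 3)
                count[state]++
                if (ttl > maxttl[state]) maxttl[state] = ttl
                break
            }
        }
    }
    END {
        for (s in count) printf "%s %d %d\n", s, count[s], maxttl[s]
    }' | sort -k2,2nr -k1,1
}

# Constructed sample entries (documentation address ranges), not real data.
sample_table() {
    cat <<'EOF'
tcp      6 3542 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=40001 dport=80 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=40001 [ASSURED] use=1
tcp      6 95 FIN_WAIT src=192.0.2.11 dst=198.51.100.5 sport=40002 dport=80 src=198.51.100.5 dst=192.0.2.11 sport=80 dport=40002 [ASSURED] use=1
tcp      6 110 FIN_WAIT src=192.0.2.12 dst=198.51.100.6 sport=40003 dport=443 src=198.51.100.6 dst=192.0.2.12 sport=443 dport=40003 [ASSURED] use=1
ipv4     2 tcp      6 2875 ESTABLISHED src=192.0.2.13 dst=198.51.100.7 sport=40004 dport=80 src=198.51.100.7 dst=192.0.2.13 sport=80 dport=40004 [ASSURED] use=2
udp      17 25 src=192.0.2.14 dst=198.51.100.53 sport=5353 dport=53 src=198.51.100.53 dst=192.0.2.14 sport=53 dport=5353 use=1
tcp      6 58 TIME_WAIT src=192.0.2.15 dst=198.51.100.5 sport=40005 dport=80 src=198.51.100.5 dst=192.0.2.15 sport=80 dport=40005 [ASSURED] use=1
tcp      6 40 FIN_WAIT src=192.0.2.16 dst=198.51.100.5 sport=40006 dport=80 src=198.51.100.5 dst=192.0.2.16 sport=80 dport=40006 [ASSURED] use=1
EOF
}

# Demo on the sample; on a live box: conntrack_tcp_states < /proc/net/ip_conntrack
sample_table | conntrack_tcp_states
```

Comparing the totals with the configured table maximum, before and after a timeout change, shows whether lingering entries in one state are what fills the table.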