Unix administration - ip

Author

ip_conntrack issue

Fravo

2007-12-11, 1:24 pm

hi all,
I have a box running Slackware GNU/Linux 2.6.21.5-smp with a few
iptables and ebtables rules, I work in a ISP in Brazil.
We have about 2900 clients.
This box has 512 Mb RAM.

Well, i increased the size of my ip_conntrack_max and hashsize both
for 1048576. But my /pro/net/ip_conntrack number never stops growing.
I need to reboot this box every 3 days.

Is this the only solution? Or there is a way for cleaning my
ip_conntrack table?

Thank you all!

Moe Trin

2007-12-13, 1:46 am

On Tue, 11 Dec 2007, in the Usenet newsgroup comp.unix.admin, in article
<12136dc8-aef7-4ffc-aec2-a4494ba3ef61@w28g2000hsf.googlegroups.com>, Fravo
wrote:

NOTE: Posting from groups.google.com (or some web-forums) dramatically
reduces the chance of your post being seen. Find a real news server.

>I have a box running Slackware GNU/Linux 2.6.21.5-smp with a few
>iptables and ebtables rules, I work in a ISP in Brazil.
>We have about 2900 clients.

I suspect you'll have a better chance of getting help over in the
Usenet newsgroup 'comp.os.linux.networking'

>Well, i increased the size of my ip_conntrack_max and hashsize both
>for 1048576. But my /pro/net/ip_conntrack number never stops growing.
>I need to reboot this box every 3 days.

You've got something configured wrong, but I have no idea what.
One of the regular in comp.os.linux.networking may be able to help.

>Is this the only solution? Or there is a way for cleaning my
>ip_conntrack table?

http://www.netfilter.org/documentation/HOWTO/

Thu Jan 25 15:25:07 MST 2007
[TXT] NAT-HOWTO.txt 24-Dec-2006 16:06 25K
[TXT] netfilter-double-nat-HOWTO.txt 24-Dec-2006 16:06 9.4K
[TXT] netfilter-extensions-HOWTO.txt 24-Dec-2006 16:06 79K
[TXT] netfilter-hacking-HOWTO.txt 24-Dec-2006 16:06 84K
[TXT] netfilter-mirror-HOWTO.txt 24-Dec-2006 16:06 8.1K
[TXT] networking-concepts-HOWTO.txt 24-Dec-2006 16:06 28K
[TXT] packet-filtering-HOWTO.txt 24-Dec-2006 16:06 52K

Old guy