[Bug 49] TCP conntrack entries with huge timeouts

bugzilla-daemon@netfilter.org bugzilla-daemon@netfilter.org
Thu, 20 Feb 2003 10:29:30 +0100


https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=49





------- Additional Comments From arvids@vendomar.lv  2003-02-20 10:29 -------
Here are some details:
1) The connections are through the netfilter.
2) The following rules are defined:
iptables -t nat -A PREROUTING -s x.x.0.0/16 -i eth1 -p tcp --syn -m iplimit --iplimit-above 50 -j DROP
iptables -t nat -A POSTROUTING -s x.x.0.0/16 -o eth0 -j SNAT --to y.y.y.y
(the address y.y.y.y is not assigned to the Linux box)
3) There are about 100-200 internal users.
4) I have another box with exactly the same configuration and with much higher
load which uses the 2.4.19 kernel, patch-o-matic-20020825. This box does not have
such a problem.

Regards, Arvids


