NAT stops working
Fabien Germain
fabien.germain at gmail.com
Wed Apr 20 17:07:40 CEST 2005
Hi Daniel,
Did you try to increase ip_conntrack_max ?
(/proc/sys/net/ipv4/netfilter/ip_conntrack_max)
If you use p2p for example, you can quickly reach the limit.
Hope it helps.
Fabien
On 4/20/05, Daniel Wittenberg <daniel-wittenberg at starken.com> wrote:
> We've got a high-speed wireless and DSL connection so I decided to try
> and load-balance the out-going connections. I run a little script that
> does:
>
> route flush scope global
> route flush cache
> route add default scope global equalize nexthop via <external gw 1> dev
> eth0 weight 1 nexthop via <external gw 2> dev eth1
>
> This appears to work for awhile, then incoming connections stop getting
> nat'd to their internal addresses. I reboot or reset the firewall
> (flush all the tables and re-run this script) and things are good again
> for awhile. I tried flooding some of the external IP's that are nat'd
> and it seems like after a certain amount of traffic the nat just stops
> working. tcpdump shows traffic on the external interface coming in, but
> not going out anywhere.
>
> Anyone have ideas on how to debug this further or things to check?
>
> Thanks,
> Dan
>
>
More information about the netfilter
mailing list