More on stale connection

Ming-Ching Tiew mingching.tiew at redtone.com
Tue Aug 9 11:57:16 CEST 2005


I am using 2.4.29 and I patched the kernel with tcp-window-tracking
patch-o-matic but my stale connection problem is still not solved,
I still get a lot of expired connections not removed from the state
table,

tcp      6 27 TIME_WAIT src=192.168.1.231 dst=202.x.y.z sport=3268 dport=80 src=202.x.y.z dst=a.b.c.d sport=80 dport=3268 [ASSURED]
use=1 mark=7
tcp      6 83 TIME_WAIT src=192.168.1.231 dst=202.x.y.z sport=3294 dport=80 src=202.x.y.z dst=a.b.c.d sport=80 dport=3294 [ASSURED]
use=1 mark=7
tcp      6 104 TIME_WAIT src=192.168.1.231 dst=202.x.y.z sport=3305 dport=80 src=202.x.y.z dst=a.b.c.d sport=80 dport=3305 [ASSURED]
use=1 mark=7

[ many of them ]

  # cat /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait
120

Isn't it supposed to removed tcp_timout_time_wait after 120 seconds ? But
these "connections" have being staying my the state table for hours already !

Anyone has any clue ?












More information about the netfilter mailing list