iptables crashes server?

Moritz Gartenmeister moritz at uplink-verein.ch
Tue Apr 5 08:47:34 CEST 2005

i checked the memory usage a little more in detail:

the free ram is decreasing.
the active use of ram is increasing.

ergo, something is filling up my ram. i run apache, irc-proxy, snort and argus besides iptables.

for me, there seems to be something buggy in the kernelspace of iptables.

but, if i am the only one with this problem, it's maybe not.

can someone tell me, which kernel and which iptables version is working?


Mohamed Eldesoky wrote:
> Can you check the memory ??
> Maybe it is a faulty RAM
> On Apr 4, 2005 10:16 AM, Moritz Gartenmeister <moritz at uplink-verein.ch> wrote:
>>hi all
>>i'm running linux and iptables 1.3.1 with pom 20050321. i patched the kernel with ipp2p,
>>and layer-7 patch.
>>the server is running as a bridge and is working absolutely fine. after a while (there is no specific
>>time limit) the server crashes. the server is no more able to allocate new memory and even swapping
>>doesn't help. in this state i am unable to log in, i have to push the power button.
>>i don't see heavy traffic before a crash and i don't see any flooding. is there a known memory leak
>>i checked /proc/sys/net/ipv4/netfilter/ip_conntrack_count this number is in the range of 2'000 - 5'000.
>>i checked /proc/slabinfo <active_objs> is more or less similar to ip_conntrack_count, <num_objs> is
>>the maximum of ip_conntrack_count.
>>i also was checking /proc/meminfo and there was no steady increase.
>>/var/log/messages shows no warning.
>>/var/log/syslog shows nothing
>>icmp is working.
>>imap is probably working (someone told me).
>>http is not working.
>>pop over ssl is working (sometimes).
>>has anyone had / does anyone have the same experience? or does anyone have some hints for further steps?
>>hardware: dell poweredge 2560 with 2 gbyte ram, 2 xeon dual cpus.
>>i was running the same setup with an older kernel 2.6.7/10 without much trouble.

Uplink student association
Moritz Gartenmeister
Bülachstrasse 1 F
8057 Zürich
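
The message above compares /proc/slabinfo against ip_conntrack_count by eye. As an added example (not part of the original post and not netfilter project code), this Python sketch diffs two slabinfo snapshots and lists the kernel caches whose footprint grew; the snapshot contents, cache sizes and the 1 MiB threshold are constructed assumptions.

```python
# Constructed /proc/slabinfo snapshots (2.6-style, version 2.1 layout), not real output.
SNAP_T0 = """\
slabinfo - version: 2.1
# name <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab> : tunables ...
ip_conntrack   3120   5000  384 10 1 : tunables  54 27 8 : slabdata  500  500 0
size-64       41000  42029   64 61 1 : tunables 120 60 8 : slabdata  689  689 0
dentry_cache  90000  95004  140 28 1 : tunables 120 60 8 : slabdata 3393 3393 0
"""
SNAP_T1 = """\
slabinfo - version: 2.1
# name <active_objs> <num_objs> <objsize> <objperslab> <pagesperslab> : tunables ...
ip_conntrack   3400   5000  384 10 1 : tunables  54 27 8 : slabdata   500   500 0
size-64      900000 900116   64 61 1 : tunables 120 60 8 : slabdata 14756 14756 0
dentry_cache  91000  96012  140 28 1 : tunables 120 60 8 : slabdata  3429  3429 0
"""


def parse_slabinfo(text):
    """Return {cache_name: (active_objs, num_objs, objsize)} for one snapshot."""
    caches = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith(("slabinfo", "#")):
            continue  # skip the version banner and the column header
        fields = line.split(":")[0].split()
        caches[fields[0]] = (int(fields[1]), int(fields[2]), int(fields[3]))
    return caches


def slab_growth(before, after, min_bytes=1 << 20):
    """List (cache, bytes_grown) for caches that grew by at least min_bytes."""
    grown = []
    for name, (_, total, objsize) in after.items():
        # A cache that did not exist in the first snapshot counts from zero.
        _, old_total, old_size = before.get(name, (0, 0, objsize))
        delta = total * objsize - old_total * old_size
        if delta >= min_bytes:
            grown.append((name, delta))
    return sorted(grown, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    t0, t1 = parse_slabinfo(SNAP_T0), parse_slabinfo(SNAP_T1)
    for name, delta in slab_growth(t0, t1):
        print(f"{name}: +{delta / 2**20:.1f} MiB allocated")
```

On a live system the two inputs would be copies of /proc/slabinfo saved some time apart; a cache that keeps growing while ip_conntrack stays flat points away from connection tracking itself.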
