NAT stops working

Daniel Wittenberg daniel-wittenberg at starken.com
Wed Apr 20 17:26:26 CEST 2005


Yeah, the number of connections was pretty low, and there weren't any
errors about the table being full.  In fact there aren't any
kernel/netfilter errors at all getting logged.

Dan

On Wed, 2005-04-20 at 17:07 +0200, Fabien Germain wrote:
> Hi Daniel,
> 
> Did you try to increase ip_conntrack_max ?
> (/proc/sys/net/ipv4/netfilter/ip_conntrack_max)
> If you use p2p for example, you can quickly reach the limit.
> 
> Hope it helps.
> Fabien
> 
> 
> 
> On 4/20/05, Daniel Wittenberg <daniel-wittenberg at starken.com> wrote:
> > We've got a high-speed wireless and DSL connection so I decided to try
> > and load-balance the out-going connections.  I run a little script that
> > does:
> > 
> > route flush scope global
> > route flush cache
> > route add default scope global equalize nexthop via <external gw 1> dev
> > eth0 weight 1 nexthop via <external gw 2> dev eth1
> > 
> > This appears to work for awhile, then incoming connections stop getting
> > nat'd to their internal addresses.  I reboot or reset the firewall
> > (flush all the tables and re-run this script) and things are good again
> > for awhile.  I tried flooding some of the external IP's that are nat'd
> > and it seems like after a certain amount of traffic the nat just stops
> > working.  tcpdump shows traffic on the external interface coming in, but
> > not going out anywhere.
> > 
> > Anyone have ideas on how to debug this further or things to check?
> > 
> > Thanks,
> > Dan





More information about the netfilter mailing list