/proc/net/ip_conntrack
David A. Bandel
david
Tue Aug 17 13:28:39 PDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 17 Aug 2004 23:16:34 +0800
"M.W. Chang" <mwchang at i-cable.com> wrote:
> Occassionally, my ip_conntrack exceeded the ip_conntrack_max. How
> could I prevent that from happening?
Are you sure? Check again.
>
> My current value of ip_conntrack_max is about 8000, and I am running a
>
> relatively public bt-tracker.
and you counted more than 8000 entries? If so, you might look at the
status.
>
> I noticed some IP have over 30 entries in ip_conntract connecting to
> the bttracker. I don't know why they needed more than one connection.
Because there's more than one connection.
Review what constitutes an IP connection in its entirety (hint, it's
more than just an IP/Port pair). Some applications (like bittorrent)
can actually open multiple connections to the same and/or different
servers. Each HTTP page/refresh is one or more connections. So if you
go to a site, get the index page, navigate to another page, those are
separate, independent connections.
Also look at the conntrack timeouts for entries to be removed from the
conntrack table even on terminated connections.
Ciao,
David A. Bandel
- --
Focus on the dream, not the competition.
Nemesis Racing Team motto
GPG key autoresponder: mailto:david_key at pananix.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBIk4tj31PLQNUbV4RAnH1AKC55HB2YATU9HR0KazXB52zdi4IowCfd+74
aDCORPi6wGKRQgezLNg+i70=
=UJ4W
-----END PGP SIGNATURE-----
More information about the Linux-users
mailing list