On Thu, 2003-04-10 at 22:18, Mario TRENTINI wrote:
> Dear list,
>
> I've recently reboot my linux router due to fool ip_conntrack table
> (/proc/net/ip_conntrack). The box is hook up to the internet with
> dynamically assign ip and run a 2.4.20 kernel.
> Upon investigation after the reboot, it appears that the table contains
> stale entries of connections made with previous ip addresses that slowly
> fill it up.
Did you apply the pending/submitted patches from patch-o-matic?
There's a known bug in conntrack in kernel 2.4.20 that can make old
connections still hang around. It's fixed in the latest 2.4.21-pre
kernel.
Or you can download patch-o-matic and patch your 2.4.20 kernel.
(ftp://ftp.netfilter.org/pub/patch-o-matic/snapshot/patch-o-matic-20030410.tar.bz2)
And then execute ./runme --batch pending
And there's an entry about this problem with MASQUERADE and old
connection hanging around in the netfilter bugzilla, it's not
neccessarily the same bug as the one that's fixed in later kernels.
https://bugzilla.netfilter.org
-- /Martin - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Apr 15 2003 - 22:00:21 EST