Hi Jim,

Jim Westbrook wrote:
> You most likely have one or more Win boxes running some P2P application
> (kazaa, et al) which advertise your external IP address (assuming NAT is in use). This, in turn, causes external attempts to connect to these "servers" from outside your network which are being blocked by your firewall. It's the number of external attempts that's flooding ip_conntrack.
> Locate the box(es) running the P2P application(s), disable the s/w, and resist the urge to kill the user(s).
> JimW

That's most unlikely; I have only servers behind the NAT box. It looks like one Windows web server opens a lot of connections from its port 80 to the outside (right now about 1500 entries), but that still does not explain how the connection limit of more than 16.000 could be reached. Maybe a DoS?

Greetings,
Ralf
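
To see which hosts and states account for a full ip_conntrack table, as both messages above try to work out, the entries can be tallied per original source address and TCP state. This is an added example, not part of either message; the sample lines and the names `parse_entry` and `summarize` are constructed for illustration.

```python
from collections import Counter

# Constructed sample in the /proc/net/ip_conntrack text format; the addresses
# are private/documentation ranges, not values from the thread.
SAMPLE = """\
tcp 6 431990 ESTABLISHED src=192.168.0.10 dst=203.0.113.7 sport=80 dport=40001 src=203.0.113.7 dst=198.51.100.1 sport=40001 dport=80 [ASSURED] use=1
tcp 6 431200 ESTABLISHED src=192.168.0.10 dst=203.0.113.8 sport=80 dport=40002 src=203.0.113.8 dst=198.51.100.1 sport=40002 dport=80 [ASSURED] use=1
tcp 6 55 SYN_RECV src=203.0.113.9 dst=198.51.100.1 sport=51000 dport=80 src=192.168.0.10 dst=203.0.113.9 sport=80 dport=51000 use=1
tcp 6 110 SYN_SENT src=203.0.113.9 dst=198.51.100.1 sport=51001 dport=25 [UNREPLIED] src=192.168.0.20 dst=203.0.113.9 sport=25 dport=51001 use=1
udp 17 20 src=192.168.0.20 dst=192.0.2.53 sport=33000 dport=53 [UNREPLIED] src=192.0.2.53 dst=198.51.100.1 sport=53 dport=33000 use=1
"""

def parse_entry(line):
    """Parse one conntrack line into a dict; return None for blank/short lines."""
    tok = line.split()
    if len(tok) < 4:
        return None
    entry = {"proto": tok[0], "timeout": int(tok[2]), "state": None, "flags": set()}
    # TCP lines carry a state word in field 4; UDP lines go straight to key=value.
    if "=" not in tok[3] and not tok[3].startswith("["):
        entry["state"] = tok[3]
    for t in tok[3:]:
        if t.startswith("[") and t.endswith("]"):
            entry["flags"].add(t[1:-1])
        elif "=" in t:
            key, val = t.split("=", 1)
            # The first src/dst/sport/dport is the original direction; the
            # second set is the expected reply tuple, so keep the first.
            entry.setdefault(key, val)
    return entry

def summarize(lines):
    """Tally entries by original source address and state; count unreplied ones."""
    by_src, by_state, unreplied = Counter(), Counter(), 0
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        by_src[e.get("src")] += 1
        by_state[e["state"] or "NO_STATE"] += 1
        unreplied += "UNREPLIED" in e["flags"]
    return {"by_src": by_src, "by_state": by_state, "unreplied": unreplied}

if __name__ == "__main__":
    # On the NAT box, pass open("/proc/net/ip_conntrack") instead of the sample.
    report = summarize(SAMPLE.splitlines())
    for name in ("by_src", "by_state"):
        print(name, report[name].most_common(5))
    print("unreplied", report["unreplied"])
```

A table dominated by one internal source address points at that host, while many distinct external sources with `[UNREPLIED]` or half-open TCP states point at inbound traffic.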