Hi there,

Ralf Ronneburger wrote:
| do you have an ftp-server behind the box? What I found out for SuSE 9.0
| is, that ftp-connections through the firewall boost up the
| connection-usage. Besides you can find out, how close you are to the
| "kernel: ip_conntrack: table full, dropping packet." messages, when you
| check the following:
|
| linux:~ # cat /proc/slabinfo | grep ip_conntrack
| ip_conntrack 32566 32772 320 2729 2731 1
| linux:~ # cat /proc/sys/net/ipv4/ip_conntrack_max
| 32760
|
| Once the number of currently active objects (in this case 32566)
| gets up to the number configured in ip_conntrack_max, then you'll get
| the "dropping packet"-message in /var/log/messages and then afaik all
| you can do is reboot.

Nope, you can raise the number of possible conntrack entries. It depends
on how much RAM your box has, but usually doubling the value is no
problem. Simply do:

echo 65520 > /proc/sys/net/ipv4/ip_conntrack_max

(or if unsure about RAM usage, make it just 1.5 or so)

This fixes the issue temporarily, because after reboot the default value
depending on your system memory is calculated and used. So after reboot
you need to do the echo again.

Regards,
Sven
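The check discussed in this thread, as an added example that is not part of the original messages: a shell function that reads the active ip_conntrack object count from slabinfo and compares it with ip_conntrack_max, so a firewall can be flagged before it starts dropping packets. The function name conntrack_usage, the 80% default threshold and the temporary sample files are assumptions made for illustration.

```shell
#!/bin/sh
# conntrack_usage [SLABINFO] [MAXFILE] [WARN_PCT]   (hypothetical helper)
# Prints "active max percent status".
# Returns 0 below the threshold, 1 at or above it, 2 if the counters are unreadable.
conntrack_usage() {
    slab=${1:-/proc/slabinfo}
    maxf=${2:-/proc/sys/net/ipv4/ip_conntrack_max}
    warn=${3:-80}   # assumed warning threshold in percent

    # Field 2 of the slab line is the number of active objects. The exact
    # match on field 1 skips other slabs that merely share the prefix,
    # which a plain grep would also print.
    active=$(awk '$1 == "ip_conntrack" { print $2; exit }' "$slab" 2>/dev/null) || active=
    max=$(cat "$maxf" 2>/dev/null) || max=

    # Both values must be non-empty and purely numeric.
    case "$active:$max" in
        *[!0-9:]*|:*|*:)
            echo "error: cannot read conntrack counters" >&2
            return 2 ;;
    esac
    [ "$max" -gt 0 ] || { echo "error: ip_conntrack_max is 0" >&2; return 2; }

    pct=$(( active * 100 / max ))
    if [ "$pct" -ge "$warn" ]; then status=WARN; else status=OK; fi
    echo "$active $max $pct $status"
    [ "$status" = OK ]
}

# Constructed sample input: the counter values quoted in the thread.
demo_dir=$(mktemp -d)
echo 'ip_conntrack 32566 32772 320 2729 2731 1' > "$demo_dir/slabinfo"
echo 32760 > "$demo_dir/max"
conntrack_usage "$demo_dir/slabinfo" "$demo_dir/max" 80 || true   # prints: 32566 32760 99 WARN
rm -rf "$demo_dir"
```

Called without arguments on the firewall itself, it reads the two /proc files named in the thread; reading /proc/slabinfo usually requires root.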