On Mon, Mar 07, 2005 at 05:29:30PM +0100, Ludwig Nussel wrote:
Ludwig Nussel wrote:
Sandu Mihai wrote:
Upgrading to SuSE 9.2 will not solve the problem in any way. I had the same problem, and it was solved by removing the ip_conntrack module from that server. I have tryied to bump up the conntrack table size using /etc/sysctl.conf and boot.sysctl, it had no effect whatsoever. The system in question is a SuSE 9.2 Proffesional with the latest patches applied.
I hope it's OK if I'll jump in this thread. I have the same problem with a SuSE 9.0 Gateway. For your Information: behind the Gateway theres a proxy Server (192.168.100.2) that connects to a Trendmicro Viruswall on the Gateway (192.168.100.1:8080)
The problem is in our bug tracking system but it's hard to reproduce. Can you please post the content of /proc/net/ip_conntrack and /proc/net/ip_conntrack_expect when the problem occurs?
output is attached
To those seeing the problem on SUSE LINUX 9.2: Can you please try these settings and see if the problem occurs again?
echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal echo 255 > /proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid
Any tips on what to do with my SuSE 9.0 box?
This will change the way TCP window tracking works and makes the kernel log pakets that look suspicious to conntrack.
Thanks, cu Ludwig
TIA marc