RE: [Xen-users] ip conntrack table full
> >
> > 'cat /proc/net/ip_conntrack' will tell you what's in the conntrack
> > database. Have a look in there and see if it's what you expect...
> >
>
> net.ipv4.netfilter.ip_conntrack_count = 65536
> net.ipv4.netfilter.ip_conntrack_max = 65536
>
> Being full that's what I'd expect, what I don't understand is why they're
> filling up.
>

That's why you need to 'cat /proc/net/ip_conntrack' and see what's in there. It will tell you about all the connections it's tracking. Could be full of SSH portscans. Maybe you have a spambot on your network? Could be anything, but you need to get an understanding of the actual connections, not just a count of them.

There is also a tool in the netfilter suite that can do a live listing of any new connection that gets added and removed.

James

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
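With 65536 entries, reading the raw `cat` output is impractical, so the following added example (not part of the original message) tallies the table by original source address, destination port and TCP state. It assumes the usual text layout of `/proc/net/ip_conntrack`; the sample lines are constructed, and the function names are this example's own.

```python
import sys
from collections import Counter

# Constructed sample lines in the /proc/net/ip_conntrack layout (not real data).
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=40112 dport=443 src=198.51.100.5 dst=192.0.2.10 sport=443 dport=40112 [ASSURED] use=1
tcp      6 52 SYN_RECV src=203.0.113.7 dst=192.0.2.20 sport=51001 dport=22 src=192.0.2.20 dst=203.0.113.7 sport=22 dport=51001 use=1
tcp      6 50 SYN_RECV src=203.0.113.7 dst=192.0.2.21 sport=51002 dport=22 src=192.0.2.21 dst=203.0.113.7 sport=22 dport=51002 use=1
tcp      6 110 SYN_SENT src=192.0.2.30 dst=198.51.100.25 sport=33000 dport=25 [UNREPLIED] src=198.51.100.25 dst=192.0.2.30 sport=25 dport=33000 use=1
udp      17 25 src=192.0.2.10 dst=198.51.100.53 sport=5353 dport=53 [UNREPLIED] src=198.51.100.53 dst=192.0.2.10 sport=53 dport=5353 use=1
"""

def parse_entry(line):
    """Return proto, state and the original-direction tuple of one entry."""
    tok = line.split()
    if len(tok) < 4:
        return None
    entry = {"proto": tok[0], "state": "-"}
    # TCP entries carry a state word after the timeout; UDP/ICMP do not.
    if "=" not in tok[3] and not tok[3].startswith("["):
        entry["state"] = tok[3]
    for t in tok[3:]:
        key, sep, val = t.partition("=")
        # Keep the first src/dst/sport/dport seen: the original direction.
        if sep and key in ("src", "dst", "sport", "dport") and key not in entry:
            entry[key] = val
    return entry if "src" in entry else None

def summarize(lines):
    """Count tracked connections per source, per proto/dport and per state."""
    by_src, by_dport, by_state = Counter(), Counter(), Counter()
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        by_src[e["src"]] += 1
        by_dport[(e["proto"], e.get("dport", "-"))] += 1
        by_state[e["state"]] += 1
    return by_src, by_dport, by_state

if __name__ == "__main__":
    # Pass /proc/net/ip_conntrack as the argument on the affected host.
    lines = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE.splitlines()
    for title, counter in zip(("source", "proto/dport", "state"), summarize(lines)):
        print(f"-- top {title}")
        for key, n in counter.most_common(10):
            print(f"{n:8d}  {key}")
```

One external source dominating with many half-open entries to port 22 matches the portscan case, while an internal source with many entries to port 25 matches the spambot case.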