On Mon, 3 Nov 2003, Warren P wrote:
> since i've upgraded squid to 2.5stable4, my ip_conntrack
> table seems to be filling within hours, eventually i had to
> increase it from 65528 to 163840. And after 3 days, it
> neared this limit as well. Once the ip_conntrak is full,
> the server starts dropping packets.
This is not normal, and a sign of a major bug in the version of
ip_conntrack you are using. No matter what Squid is doing it MUST NOT be
able to cause these symptoms in ip_conntrack, or else ip_conntrack is
flawed.
Please contact the netfilter developers to have this netfilter bug
resolved.
Note: I have not heard of this specific problem with ip_conntrack before,
neither in the Squid discussions or the Netfilter developer discussions.
Regards
Henrik
Received on Mon Nov 03 2003 - 08:24:04 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:04 MST