Hi!

We are experiencing problems with connection tracking with a Cisco Content Switch behind a firewall and think that it might partly be a problem with netfilter in stock Linux 2.4.17.

We just started using CSS in a productive environment and now the number of connections in /proc/net/ip_conntrack has reached 200000. Which may be OK, but the problem is that 75% of these connections are in "UNREPLIED" state and the timeout given as the 3rd value in /proc/net/ip_conntrack goes up to values like 431998 - almost 5 days. So 75% of all connections in the tracking list are garbage and only discarded after 5 days! OK, the problem does arise with non-CSS as well, but with CSS the rise was most pronounced; still, connections are left open.

Any ideas or explanations?

Cheers,
Martin Sperl
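One way to quantify what the post describes, added here as an example that is not part of the original message: parse the 2.4-style /proc/net/ip_conntrack lines, count the [UNREPLIED] entries, and report how many of them still carry a multi-day timeout. The sample lines are constructed, and the 86400-second (one day) threshold for "suspiciously long" is an assumption.

```python
import re
import sys
from collections import Counter

# Constructed sample in the Linux 2.4 /proc/net/ip_conntrack layout (not real data):
# proto  proto-number  timeout  [tcp-state]  original-tuple  [UNREPLIED]  reply-tuple  [ASSURED]  use=N
SAMPLE = """\
tcp      6 431998 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=40001 dport=80 [UNREPLIED] src=198.51.100.5 dst=192.0.2.10 sport=80 dport=40001 use=1
tcp      6 431999 ESTABLISHED src=192.0.2.11 dst=198.51.100.5 sport=40002 dport=80 src=198.51.100.5 dst=192.0.2.11 sport=80 dport=40002 [ASSURED] use=1
tcp      6 117 SYN_SENT src=192.0.2.12 dst=198.51.100.5 sport=40003 dport=443 [UNREPLIED] src=198.51.100.5 dst=192.0.2.12 sport=443 dport=40003 use=1
udp      17 29 src=192.0.2.13 dst=198.51.100.53 sport=5353 dport=53 [UNREPLIED] src=198.51.100.53 dst=192.0.2.13 sport=53 dport=5353 use=1
tcp      6 431996 ESTABLISHED src=192.0.2.14 dst=198.51.100.5 sport=40004 dport=80 [UNREPLIED] src=198.51.100.5 dst=192.0.2.14 sport=80 dport=40004 use=1
"""

LINE_RE = re.compile(r"^(?P<proto>\S+)\s+(?P<num>\d+)\s+(?P<timeout>\d+)\s+(?P<rest>.*)$")

def parse_line(line):
    """Return a dict for one ip_conntrack line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    state = None
    # TCP lines carry a state token before the first src=; UDP/ICMP lines do not.
    if not rest.startswith("src="):
        state, rest = rest.split(None, 1)
    return {
        "proto": m.group("proto"),
        "timeout": int(m.group("timeout")),   # seconds until the entry expires
        "state": state,
        "unreplied": "[UNREPLIED]" in rest,   # no packet seen in the reply direction
        "assured": "[ASSURED]" in rest,
    }

def summarize(text, long_timeout=86400):
    """Count UNREPLIED entries and those whose timeout is at least long_timeout seconds."""
    entries = [e for e in (parse_line(l) for l in text.splitlines()) if e]
    unreplied = [e for e in entries if e["unreplied"]]
    stale = [e for e in unreplied if e["timeout"] >= long_timeout]
    return {
        "total": len(entries),
        "unreplied": len(unreplied),
        "unreplied_pct": round(100.0 * len(unreplied) / len(entries), 1) if entries else 0.0,
        "unreplied_long_timeout": len(stale),
        "max_unreplied_timeout": max((e["timeout"] for e in unreplied), default=0),
        "stale_by_state": Counter((e["proto"], e["state"]) for e in stale),
    }

if __name__ == "__main__":
    # Pass a path (e.g. /proc/net/ip_conntrack) to analyse a live table; otherwise use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for key, value in summarize(text).items():
        print(key, value)
```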