Hi,

Is there a tool to display tracked connections other than cat /proc/net/ip_conntrack?

Thanks a lot,
Mikael Chambon

----- Original Message -----
From: "James A. Pattie" <[EMAIL PROTECTED]>
To: "Les Barstow" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, February 22, 2002 4:46 PM
Subject: Re: Multiple firewall failover

> Les,
>
> What network driver are you using? eepro100? What is the actual chipset
> of the NICs? If they are built-on you probably want to use the e100
> driver from Intel which fixes the problem you are describing. With the
> stock eepro100 driver, built-on chips have a tendency to fall over.
> Usually the box crashes, but if it doesn't, then doing an ifdown, ifup
> will make it work for a little while longer.
>
> Les Barstow wrote:
> > Does anyone have a pair of iptables boxes set up for failover? I don't
> > think I need anything which mirrors the conntrack table, but it would be
> > nice if I had a second box to take over when the first one disappears...
> >
> > Any sample configurations/scripts would be helpful.
> >
> > Also, has anyone had any experiences with iptables locking up (i.e.
> > disallowing traffic)? I've checked conntrack tables and it appears I
> > still have quite a bit of space there. Pings and TCP traffic both
> > originating at the firewall and passing through it disappear. This only
> > seems to happen on my external interface - I can ping internal address
> > space. Been really annoying. Intel Pro dual 100Mbps ports.
> >
> > It never used to happen, so it's either a hardware/network issue or a
> > bandwidth-related problem (we were pushing 20Mbps through it the other
> > day...)
>
> --
> James A. Pattie
> [EMAIL PROTECTED]
>
> Linux -- SysAdmin / Programmer
> PC & Web Xperience, Inc.
> http://www.pcxperience.com/
