On Tuesday, 12.06.2007, at 19:45 +0200, Rob Janssen wrote:
> Although on a Linux-based router it could of course be run on the router and
> hopefully avoid the problem, at least when connection tracking is not
> used for that UDP port (of course it is useless).

In Linux/iptables every packet goes through ip_conntrack first, independent of whether connection tracking is used for this packet. So if you use tracking (and load the module ip_conntrack) for any rule, you get the limit of the connection table for all kinds of packets. You can fix this, just type 'echo "32768" > /proc/sys/net/ipv4/netfilter/ip_conntrack_max' to extend the table to 32k. The table needs some 100 bytes/connection, so memory shouldn't be a problem. But that's only a solution for people with access to their router/firewall.

Max

_______________________________________________
timekeepers mailing list
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
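
An added example, not part of the original mail: a shell check of how full the connection-tracking table is, built around the `ip_conntrack_max` file named above. The `ip_conntrack_count` companion file, the `nf_` file names of newer kernels, the function names and the 80% threshold are assumptions of this example, and the sample values are constructed.

```shell
#!/bin/sh
# Added example: report conntrack table utilisation and flag near-exhaustion.
# BYTES_PER_ENTRY is the rough "some 100 bytes" figure from the mail (an estimate).
BYTES_PER_ENTRY=100

# conntrack_usage DIR [WARN_PCT]
# Reads <prefix>_conntrack_count and <prefix>_conntrack_max from DIR
# (assumed prefixes: ip_ on older kernels, nf_ on newer ones).
# Prints "count max percent est_kib".
# Returns 0 = below threshold, 1 = at/above threshold, 2 = values not readable.
conntrack_usage() {
    dir=$1
    warn=${2:-80}
    for prefix in ip nf; do
        if [ -r "$dir/${prefix}_conntrack_max" ] && [ -r "$dir/${prefix}_conntrack_count" ]; then
            max=$(cat "$dir/${prefix}_conntrack_max")
            count=$(cat "$dir/${prefix}_conntrack_count")
            # Accept plain non-negative integers only.
            case "$max" in ''|*[!0-9]*) return 2 ;; esac
            case "$count" in ''|*[!0-9]*) return 2 ;; esac
            [ "$max" -gt 0 ] || return 2
            pct=$(( count * 100 / max ))
            kib=$(( max * BYTES_PER_ENTRY / 1024 ))
            echo "$count $max $pct $kib"
            if [ "$pct" -lt "$warn" ]; then return 0; fi
            return 1
        fi
    done
    return 2
}

# Constructed sample: a fake proc directory so the check can be tried offline.
demo() {
    d=$(mktemp -d) || return 2
    echo 32768 > "$d/ip_conntrack_max"
    echo 30000 > "$d/ip_conntrack_count"
    conntrack_usage "$d" 80 && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

On a live system, call `conntrack_usage /proc/sys/net/ipv4/netfilter` (or `/proc/sys/net/netfilter` on newer kernels); a return code of 1 means the table is close to the limit at which new connections start being dropped.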
