I'm using iptables on my system to block external access to everything except for explicit ports (http, https, ssh, etc). I'm not sure how, but I'm getting "nf_conntrack: table full, dropping packet." and "TCP: time wait bucket table overflow" because the number of connections is past the maximum trackable. By listing the connections in /proc/net/ip_conntrack I can see a whack of entries that look like the following:

    tcp 6 54 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=56039 dport=5984 packets=7 bytes=429 src=127.0.0.1 dst=127.0.0.1 sport=5984 dport=56039 packets=7 bytes=19476 [ASSURED] mark=0 secmark=0 use=2

I see that it's using port 5984, which is what couchdb is on, but I'm not sure why this is occurring. I'm using PHP with the fsockopen() method described in the wiki and I do have a script running that's making updates to the db. However, PHP isn't multi-threaded and I'm making calls through fsockopen and then closing the connection immediately afterwards. Does anyone know what's causing this to occur? Or maybe where to look further to figure this out?

-Tim
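A practical first step when the conntrack table fills is to count which (protocol, state, destination port) combinations dominate it, so the service responsible for the TIME_WAIT pile-up can be identified. The script below is an added example, not part of the original post: it parses the textual format shown above (the older /proc/net/ip_conntrack layout, and the newer /proc/net/nf_conntrack layout that prefixes each line with an address family) and tallies entries by the original-direction dport. The sample lines embedded in it are constructed for the example; `read_live()` is the only part that touches the real system and simply returns None if neither file exists.

```python
"""Tally conntrack entries by protocol, TCP state and destination port.

Added example (not from the original post). Parses the textual format of
/proc/net/ip_conntrack (older kernels) and /proc/net/nf_conntrack (newer
kernels, with an "ipv4 2" style prefix). SAMPLE_CONNTRACK is constructed.
"""
from collections import Counter
from typing import Optional

# Constructed sample data modelled on the entry quoted in the post
# (three TIME_WAIT flows to 5984, one SSH session, one DNS lookup).
SAMPLE_CONNTRACK = """\
tcp 6 54 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=56039 dport=5984 packets=7 bytes=429 src=127.0.0.1 dst=127.0.0.1 sport=5984 dport=56039 packets=7 bytes=19476 [ASSURED] mark=0 secmark=0 use=2
tcp 6 12 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=56040 dport=5984 packets=7 bytes=429 src=127.0.0.1 dst=127.0.0.1 sport=5984 dport=56040 packets=7 bytes=19476 [ASSURED] mark=0 secmark=0 use=2
tcp 6 3 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=56041 dport=5984 packets=7 bytes=429 src=127.0.0.1 dst=127.0.0.1 sport=5984 dport=56041 packets=7 bytes=19476 [ASSURED] mark=0 secmark=0 use=2
tcp 6 431999 ESTABLISHED src=192.0.2.10 dst=192.0.2.1 sport=51234 dport=22 packets=120 bytes=9000 src=192.0.2.1 dst=192.0.2.10 sport=22 dport=51234 packets=100 bytes=12000 [ASSURED] mark=0 secmark=0 use=1
udp 17 29 src=192.0.2.10 dst=192.0.2.53 sport=40000 dport=53 packets=1 bytes=60 src=192.0.2.53 dst=192.0.2.10 sport=53 dport=40000 packets=1 bytes=120 mark=0 secmark=0 use=1
"""


def parse_entry(line: str) -> Optional[dict]:
    """Return {proto, timeout, state, dport} for one conntrack line, or None."""
    tokens = line.split()
    if not tokens:
        return None
    # nf_conntrack lines carry an address-family prefix ("ipv4 2"); drop it
    if tokens[0] in ("ipv4", "ipv6"):
        tokens = tokens[2:]
    if len(tokens) < 4:
        return None
    proto, timeout = tokens[0], tokens[2]          # tokens[1] is the protocol number
    # TCP entries have a state token before the first src= field; UDP does not
    state = tokens[3] if "=" not in tokens[3] else "-"
    dport = None
    for tok in tokens:
        if tok.startswith("dport="):
            dport = int(tok.split("=", 1)[1])       # first dport= is the original direction
            break
    if dport is None:
        return None
    return {"proto": proto, "timeout": int(timeout), "state": state, "dport": dport}


def summarize(text: str) -> Counter:
    """Count entries keyed by (proto, state, dport)."""
    counts: Counter = Counter()
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            counts[(entry["proto"], entry["state"], entry["dport"])] += 1
    return counts


def top_offenders(counts: Counter, n: int = 5):
    """Most common (proto, state, dport) keys, largest first."""
    return counts.most_common(n)


def read_live() -> Optional[Counter]:
    """Summarize the running system's table; None if neither file is readable."""
    for path in ("/proc/net/nf_conntrack", "/proc/net/ip_conntrack"):
        try:
            with open(path) as fh:
                return summarize(fh.read())
        except OSError:
            continue
    return None


if __name__ == "__main__":
    for (proto, state, dport), n in top_offenders(summarize(SAMPLE_CONNTRACK)):
        print(f"{n:6d}  {proto:4s} {state:12s} dport={dport}")
```

Run against the live table (`read_live()`) the top line will normally name the port whose short-lived connections are filling the table; a high count of TIME_WAIT entries to one local port is the signature of many connections opened and closed in quick succession, which matches the open-then-close pattern described in the post.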