[CentOS] iptables starts blocking outbound http traffic
Neil Aggarwal
neil at JAMMConsulting.com
Thu Nov 6 15:42:31 UTC 2008
Filipe:
Thanks for the information.
If I do:
cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
on each of my servers, they all report 65536 which
seems like a pretty high limit.
If I do:
cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count
on each of my servers, the highest number is just over
1100.
If this is the source of the problem, how would restarting
httpd and tomcat help? I did not restart the machine nor
reset iptables.
I am not asking this to be argumentative, just trying to
understand how the facts I am seeing are related.
Thanks,
Neil
--
Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com
Eliminate junk email and reclaim your inbox.
Visit http://www.spammilter.com for details.
> If you're using ESTABLISHED, it depends on ip_conntrack being able to
> track the connections. ip_conntrack keeps a table of all connections,
> but this table is limited in size, so it may be overflowing.
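
Added example (not part of the original message or thread): a shell check that sets the two /proc values quoted above beside the kernel log, because ip_conntrack_count is a point-in-time reading while the kernel logs "ip_conntrack: table full, dropping packet." whenever the table actually overflows. The function names, the 80% threshold, the /var/log/messages path and the sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: does conntrack table exhaustion explain the dropped traffic?
# CT_DIR is the sysctl directory quoted in the message (ip_conntrack era).
CT_DIR="${CT_DIR:-/proc/sys/net/ipv4/netfilter}"

# conntrack_pct COUNT MAX -> integer percentage of the table in use
conntrack_pct() {
    echo $(( $1 * 100 / $2 ))
}

# count_table_full FILE -> number of logged overflow events in FILE
# (grep -c exits 1 on zero matches, so "|| true" keeps the "0" it printed)
count_table_full() {
    grep -c -E '(ip|nf)_conntrack: table full, dropping packet' "$1" || true
}

# conntrack_verdict COUNT MAX LOGFILE -> one-line assessment
# The 80% warning threshold is an assumption, not a kernel constant.
conntrack_verdict() {
    pct=$(conntrack_pct "$1" "$2")
    drops=$(count_table_full "$3")
    if [ "$drops" -gt 0 ]; then
        echo "overflowed: $drops drop messages logged, table now ${pct}% full"
    elif [ "$pct" -ge 80 ]; then
        echo "near-limit: table ${pct}% full, no drops logged"
    else
        echo "ok: table ${pct}% full, no drops logged"
    fi
}

# Constructed sample syslog lines (hypothetical host "web1", not from the thread).
write_sample_log() {
    cat > "$1" <<'EOF'
Nov  6 09:14:02 web1 kernel: ip_conntrack: table full, dropping packet.
Nov  6 09:14:07 web1 kernel: printk: 38 messages suppressed.
Nov  6 09:14:07 web1 kernel: ip_conntrack: table full, dropping packet.
Nov  6 09:20:11 web1 httpd: caught SIGTERM, shutting down
EOF
}

# Live check, only on hosts that expose the ip_conntrack sysctls quoted above.
# LOG defaults to /var/log/messages (assumed syslog destination for kernel messages).
if [ -r "$CT_DIR/ip_conntrack_count" ] && [ -r "${LOG:=/var/log/messages}" ]; then
    conntrack_verdict "$(cat "$CT_DIR/ip_conntrack_count")" \
                      "$(cat "$CT_DIR/ip_conntrack_max")" "$LOG"
fi
```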