[CentOS] iptables starts blocking outbound http traffic

Neil Aggarwal neil at JAMMConsulting.com
Thu Nov 6 15:42:31 UTC 2008


Thanks for the information.

If I do:
cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
on each of my servers, they all report 65536 which
seems like a pretty high limit.

If I do:
cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count
on each of my servers, the highest number is just over

If this is the source of the problem, how would restarting 
httpd and tomcat help?  I did not restart the machine nor 
reset iptables.

I am not asking this to be argumentative, just trying to
understand how the facts I am seeing are related.


Neil Aggarwal, (832)245-7314, www.JAMMConsulting.com
Eliminate junk email and reclaim your inbox.
Visit http://www.spammilter.com for details.  

> If you're using ESTABLISHED, it depends on ip_conntrack being able to
> track the connections. ip_conntrack keeps a table of all connections,
> but this table is limited in size, so it may be overflowing.

More information about the CentOS mailing list