I was trying to do what the article at
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.performance.html#conntrack_filling_tables
suggested.
My iptables rules are:
------------------------------------------------------------------------
#that's what the mentioned article suggested..I'm not sure it's working!
*raw
-A PREROUTING -p tcp -m tcp --dport 80 -j NOTRACK
COMMIT
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type any -j ACCEPT
#no tracking needed for this
-A INPUT -p tcp --dport 80 -j ACCEPT
#that would be another question but I can't get rid of this while using ssh tunneling
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#ssh port
-A INPUT -p tcp --dport 12345 -j ACCEPT
#my ip
-A INPUT -s 123.123.123.123 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -j DROP
COMMIT
------------------------------------------------------------------------
I keep getting these messages in my kernel log:
------------------------------------------------------------------------
Apr 13 20:00:41 server kernel: ip_conntrack: table full, dropping packet.
Apr 15 14:23:29 server kernel: ip_conntrack: table full, dropping packet.
Apr 15 20:19:04 server last message repeated 2 times
Apr 16 13:53:58 server kernel: ip_conntrack: table full, dropping packet.
Apr 17 19:05:32 server last message repeated 3 times
Apr 17 21:20:43 server kernel: ip_conntrack: table full, dropping packet.
------------------------------------------------------------------------
Is there a way to completely disable ip_conntrack?
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
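
One thing to check in the ruleset above, as an added example that is not part of the original message: the NOTRACK rule sits only in the raw PREROUTING chain, which sees incoming packets, while the server's replies from port 80 are locally generated and pass through the raw OUTPUT chain, where that rule does not apply. The Python sketch below reads iptables-save style text and lists the mirrored OUTPUT rules that are missing; the function names are hypothetical and the sample is constructed from the post's raw table.

```python
import shlex

# Constructed sample: the *raw table from the post, in iptables-save format.
SAMPLE = """\
*raw
-A PREROUTING -p tcp -m tcp --dport 80 -j NOTRACK
COMMIT
"""

# Options that flip direction when a rule is mirrored for reply traffic.
SWAP = {"--dport": "--sport", "--sport": "--dport",
        "-s": "-d", "-d": "-s", "-i": "-o", "-o": "-i"}


def raw_notrack_rules(ruleset):
    """Return {chain: [match tokens, ...]} for NOTRACK rules in the raw table."""
    table, rules = None, {"PREROUTING": [], "OUTPUT": []}
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]                      # table header such as *raw
        elif table == "raw" and line.startswith("-A "):
            tokens = shlex.split(line)
            chain, rest = tokens[1], tokens[2:]
            if chain in rules and rest[-2:] == ["-j", "NOTRACK"]:
                rules[chain].append(rest[:-2])
    return rules


def mirror(match):
    """Turn an inbound match into the match for the corresponding replies."""
    return [SWAP.get(tok, tok) for tok in match]


def missing_reply_rules(ruleset):
    """List OUTPUT NOTRACK rules needed to cover replies to untracked input.

    Comparison is token-for-token, so an equivalent OUTPUT rule written with
    its options in a different order is still reported as missing.
    """
    rules = raw_notrack_rules(ruleset)
    have = {tuple(m) for m in rules["OUTPUT"]}
    return ["-A OUTPUT " + " ".join(mirror(m)) + " -j NOTRACK"
            for m in rules["PREROUTING"] if tuple(mirror(m)) not in have]


if __name__ == "__main__":
    for rule in missing_reply_rules(SAMPLE):
        print("missing in *raw:", rule)
```

Comparing `/proc/sys/net/ipv4/netfilter/ip_conntrack_count` with `ip_conntrack_max` before and after a rule change shows whether the table is still filling.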