WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-users

RE: [Xen-users] ip conntrack table full

On Mon, 25 Jan 2010, James Harper wrote:

> > >
> > > 'cat /proc/net/ip_conntrack' will tell you what's in the conntrack
> > > database. Have a look in there and see if it's what you expect...
> > >
> >
> > net.ipv4.netfilter.ip_conntrack_count = 65536
> > net.ipv4.netfilter.ip_conntrack_max = 65536
> >
> > Being full, that's what I'd expect; what I don't understand is why
> > they're filling up.
> >
>
> That's why you need to 'cat /proc/net/ip_conntrack' and see what's in
> there. It will tell you about all the connections it's tracking. Could
> be full of SSH portscans. Maybe you have a spambot on your network?
> Could be anything, but you need to get an understanding of the actual
> connections, not just a count of them.
>
> There is also a tool in the netfilter suite that can do a live listing
> of any new connection that gets added and removed.
>

Ok, that is a good indicator.  I can see things contacting port 443, which
is what should be on the domU.  I'm also seeing lots of established
connections that aren't showing up in netstat.  So it's like the dom0 is
tracking the domU's iptables, but is not releasing them?

        -Mike
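As an added example (not code from this thread, from Xen, or from the netfilter project), the following POSIX shell/awk script does what James suggests with `cat /proc/net/ip_conntrack` but one step further: instead of counting entries it groups them by protocol, TCP state, original-direction destination port and whether the peer has ever replied, which is the fastest way to turn "the table is full" into "the table is full of half-open SSH attempts from one address" or "the table is full of real HTTPS sessions". It assumes the `/proc/net/ip_conntrack` layout of that era and also accepts the later `/proc/net/nf_conntrack` layout (lines prefixed with the address family). The sample dump, the documentation-range addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise a conntrack dump by protocol, TCP state and
# original-direction destination port, so a full table can be read as
# "full of what" rather than just a count. Handles the old
# /proc/net/ip_conntrack layout (protocol first) and the newer
# /proc/net/nf_conntrack layout (prefixed with "ipv4 2" / "ipv6 10").

conntrack_summary() {
    # $1: path to a conntrack dump; with no argument read the live table
    if [ -n "${1:-}" ]; then file="$1"
    elif [ -r /proc/net/ip_conntrack ]; then file=/proc/net/ip_conntrack
    else file=/proc/net/nf_conntrack; fi
    awk '
    {
        # nf_conntrack lines carry an address-family prefix; skip past it
        off = ($1 == "ipv4" || $1 == "ipv6") ? 2 : 0
        proto = $(1 + off)
        # only TCP has a state column (ESTABLISHED, SYN_SENT, TIME_WAIT, ...)
        state = (proto == "tcp") ? $(4 + off) : "-"
        # the first dport= token belongs to the original direction, i.e. the
        # port the client connected to (443 for the domU web server, 22 for scans)
        dport = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^dport=/) { dport = substr($i, 7); break }
        }
        # [UNREPLIED]: no packet seen in the reply direction yet; a table
        # dominated by these points at scans or at traffic nobody answers
        flag = (index($0, "[UNREPLIED]") > 0) ? "unreplied" : "replied"
        count[proto "/" state "/" dport "/" flag]++
    }
    END {
        for (k in count) printf "%6d %s\n", count[k], k
    }' "$file" | sort -rn
    printf '%6d total entries\n' "$(awk 'END { print NR }' "$file")"
}

# Constructed sample dump (not from the poster's machine): three real client
# sessions to the domU's port 443 (one in nf_conntrack format), four half-open
# SSH attempts from a single source, one TIME_WAIT leftover and one DNS lookup.
sample_conntrack_file() {
    cat > "$1" <<'EOF'
tcp      6 431999 ESTABLISHED src=203.0.113.10 dst=192.0.2.5 sport=51234 dport=443 packets=12 bytes=1650 src=192.0.2.5 dst=203.0.113.10 sport=443 dport=51234 packets=9 bytes=8020 [ASSURED] mark=0 use=1
tcp      6 431990 ESTABLISHED src=203.0.113.11 dst=192.0.2.5 sport=40112 dport=443 packets=5 bytes=700 src=192.0.2.5 dst=203.0.113.11 sport=443 dport=40112 packets=4 bytes=3100 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 431900 ESTABLISHED src=203.0.113.13 dst=192.0.2.5 sport=44000 dport=443 packets=3 bytes=400 src=192.0.2.5 dst=203.0.113.13 sport=443 dport=44000 packets=2 bytes=900 [ASSURED] mark=0 zone=0 use=2
tcp      6 117 SYN_SENT src=198.51.100.7 dst=192.0.2.5 sport=33021 dport=22 packets=1 bytes=60 [UNREPLIED] src=192.0.2.5 dst=198.51.100.7 sport=22 dport=33021 packets=0 bytes=0 mark=0 use=1
tcp      6 116 SYN_SENT src=198.51.100.7 dst=192.0.2.5 sport=33022 dport=22 packets=1 bytes=60 [UNREPLIED] src=192.0.2.5 dst=198.51.100.7 sport=22 dport=33022 packets=0 bytes=0 mark=0 use=1
tcp      6 115 SYN_SENT src=198.51.100.7 dst=192.0.2.5 sport=33023 dport=22 packets=1 bytes=60 [UNREPLIED] src=192.0.2.5 dst=198.51.100.7 sport=22 dport=33023 packets=0 bytes=0 mark=0 use=1
tcp      6 114 SYN_SENT src=198.51.100.7 dst=192.0.2.5 sport=33024 dport=22 packets=1 bytes=60 [UNREPLIED] src=192.0.2.5 dst=198.51.100.7 sport=22 dport=33024 packets=0 bytes=0 mark=0 use=1
tcp      6 60 TIME_WAIT src=203.0.113.12 dst=192.0.2.5 sport=52000 dport=443 packets=7 bytes=900 src=192.0.2.5 dst=203.0.113.12 sport=443 dport=52000 packets=6 bytes=4200 [ASSURED] mark=0 use=1
udp      17 25 src=192.0.2.5 dst=192.0.2.1 sport=5353 dport=53 packets=1 bytes=70 src=192.0.2.1 dst=192.0.2.5 sport=53 dport=5353 packets=1 bytes=120 mark=0 use=1
EOF
}

# Usage: sh conntrack_summary.sh <dump-file>   summarise a saved dump
#        sh conntrack_summary.sh demo          run over the constructed sample
#        conntrack_summary                     (as a function) read the live table, normally as root
case "${1:-}" in
    demo) tmp=$(mktemp); sample_conntrack_file "$tmp"; conntrack_summary "$tmp"; rm -f "$tmp" ;;
    "")   ;;
    *)    conntrack_summary "$1" ;;
esac
```

Two things worth keeping in mind when reading the output on a dom0. First, conntrack on a host that bridges or routes domU traffic records every flow that passes through it, not only flows terminating on the host, so entries with no counterpart in dom0's own `netstat` are expected; whether they should still exist is a question for the domU's socket table and for the tcp timeouts under `net.ipv4.netfilter.ip_conntrack_tcp_timeout_*`. Second, once the table is full the kernel drops the packets that would create new entries (it logs "ip_conntrack: table full, dropping packet"), so a scan that fills it with `[UNREPLIED]` entries is also a denial of service against the legitimate port 443 traffic; raising `ip_conntrack_max` without knowing what is in the table only moves that cliff. The live-listing tool James mentions is `conntrack(8)` from conntrack-tools: `conntrack -E` streams NEW/UPDATE/DESTROY events as they happen, and `conntrack -L` lists the table in the same form the script parses.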

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users