|
|
|
|
|
|
|
|
|
|
xen-users
RE: [Xen-users] ip conntrack table full
On Mon, 25 Jan 2010, James Harper wrote:
> > >
> > > 'cat /proc/net/ip_conntrack' will tell you what's in the conntrack
> > > database. Have a look in there and see if it's what you expect...
> > >
> >
> > net.ipv4.netfilter.ip_conntrack_count = 65536
> > net.ipv4.netfilter.ip_conntrack_max = 65536
> >
> > Being full that's what I'd expect, what I don't understand is why
> they're
> > filling up.
> >
>
> That's why you need to 'cat /proc/net/ip_conntrack' and see what's in
> there. It will tell you about all the connections it's tracking. Could
> be full of SSH portscans. Maybe you have a spambot on your network?
> Could be anything, but you need to get an understanding of the actual
> connections, not just a count of them.
>
> There is also a tool in the netfilter suite that can do a live listing
> of any new connection that gets added and removed.
>
Ok, that is a good indicator. I can see things contacting port 443, which
is what should be on the domU. I'm also seeing lots of established
connections that aren't showing up in netstat. So it's like the dom0 is
tracking the domU's iptables, but is not releasing them?
-Mike
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
|
|
|
|