You can type the following command to check the current conntrack table:
cat /proc/net/ip_conntrack
You can set each protocol's timeout value (normally 30s) under:
/proc/sys/net/ipv4
/proc/sys/net/ipv6
On 2.6.36, the ICMP conntrack entry stays alive even after the target replies with the ICMP ack.
This may cause some trouble (for example, when you set the firewall or routing path). I recommend cleaning the conntrack table (you can use conntrack-tools to do it) after setting the routing path or firewall.
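To see which ICMP entries are still held after being answered, the table can be filtered as in the added example below (not part of the original post). The function names and the sample lines are constructed for illustration; handling the "ipv4 2" prefix used by /proc/net/nf_conntrack on newer kernels goes beyond the file named above.

```shell
#!/bin/sh
# Added example: list ICMP conntrack entries that already saw a reply
# but are still held in the table, with their remaining timeout.

# Constructed sample in /proc/net/ip_conntrack format (not captured output).
sample_table() {
cat <<'EOF'
tcp      6 117 SYN_SENT src=192.168.1.6 dst=192.168.1.9 sport=32775 dport=22 [UNREPLIED] src=192.168.1.9 dst=192.168.1.6 sport=22 dport=32775 use=2
icmp     1 25 src=192.168.1.6 dst=192.168.1.10 type=8 code=0 id=33029 [UNREPLIED] src=192.168.1.10 dst=192.168.1.6 type=0 code=0 id=33029 use=1
icmp     1 28 src=192.168.1.6 dst=192.168.1.20 type=8 code=0 id=33030 src=192.168.1.20 dst=192.168.1.6 type=0 code=0 id=33030 use=1
EOF
}

# Reads a conntrack table on stdin; prints "orig_src orig_dst id seconds_left"
# for every ICMP entry that has been answered but has not yet expired.
replied_icmp() {
    awk '
    {
        # nf_conntrack prefixes each line with the L3 protocol, e.g. "ipv4 2".
        off = ($1 == "ipv4" || $1 == "ipv6") ? 2 : 0
        if ($(1 + off) != "icmp") next
        # Entries still waiting for a reply carry the [UNREPLIED] flag.
        if (index($0, "[UNREPLIED]")) next
        src = dst = id = ""
        for (i = 4 + off; i <= NF; i++) {
            # Keep only the first (original-direction) tuple.
            if (src == "" && $i ~ /^src=/) src = substr($i, 5)
            if (dst == "" && $i ~ /^dst=/) dst = substr($i, 5)
            if (id  == "" && $i ~ /^id=/)  id  = substr($i, 4)
        }
        # Third column (after any prefix) is the seconds left before expiry.
        print src, dst, id, $(3 + off)
    }'
}

# On a live host: replied_icmp < /proc/net/ip_conntrack
sample_table | replied_icmp
```

Any line it prints is a flow that will keep matching the old state until its timeout runs out or the table is cleaned.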
Reference:
http://www.faqs.org/docs/iptables/theconntrackentries.html