> Nov 29 03:29:26 lucidpixels kernel: ip_conntrack: max number of expected
> connections 1 of ftp reached for 192.168.xxx.xxx->129.128.5.191, reusing
> Nov 29 03:29:30 lucidpixels kernel: ip_conntrack: max number of expected
> connections 1 of ftp reached for 192.168.xxx.xxx->129.132.7.170, reusing
> Nov 29 03:29:36 lucidpixels kernel: ip_conntrack: max number of expected
> connections 1 of ftp reached for 192.168.xxx.xxx->195.113.31.123, reusing
>
> These fill up my logs (kern.info) which I use for logging iptables
> blocked packets.
the issue is that somebody is doing something very strange to your ftp
server. Inside an FTP session, there's always only one expectation,
since there is only one unestablished data session per control session
at any given point in time.
> Is there anyway to turn this feature off dynamically or should one just
> comment out line #970 in
> /usr/src/linux/net/ipv4/netfilter/ip_conntrack_core.c ?
feel free to remove the comment. but in normal ftp protocol behaviour,
the lines above should never be printed.
-- Live long and prosper - Harald Welte / laforge@gnumonks.org http://www.gnumonks.org/ ============================================================================ GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M- V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*)
This archive was generated by hypermail 2b29 : Sat Dec 07 2002 - 22:00:23 EST