Why does nf_conntrack_count keep increasing?

linux ubuntu iptables conntrack

Solution 1:

I may have a clue. The timeout field from conntrack -L has several values that are in the 430,000 second range. This looks suspiciously close to the default value of nf_conntrack_tcp_timeout_established. I've tuned nf_conntrack_tcp_timeout_established down to 300, and all new entries in the table have a timeout value less than 300. This seems to suggest that entries stick around in the connection tracking table for as long as tcp_timeout_established is valid.

Will add to this answer as I get more information.

Related

Exchange with active directory and child domains
How to handle a main site plus multiple virtualhosts on one server
Disable IPv6 address autoconfiguration on Windows XP
How can I disable Windows file locking on Samba shares?
Samba server not visible from Win network
How can I restore a single column of a single MySQL table?
Does the MTA (Postfix, Exim, etc.) get installed seperate from the mail server
Is it is possible to replace one array to other new 8 HDD array in HP RAID 1+0 without losing data on old array?
Migrate from SBS 2011 to 2008 Standard
Quagga vs XORP vs BIRD - linux BGP router recommendation [closed]
Restore backup with Rsnapshot
EC2 - How do you tell the ELB when the machine is "ready"