[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: INVALID state and no known connection.

This whole discussion seems off-topic to me, but I'll try to clear this up.

Daniel, I believe you are seeing a syslog tag called '[INVALID in] ' or '[INVALID out] ', nothing more.  See the LOG target in the iptables man page (eg, -j LOG --log-prefix '[INVALID in] ').

On 2013-04-09, at 3:51 PM, Rolf Kutz <rk@vzsze.de> wrote:

> Hi Daniel,
> On 09/04/13 21:05 +0200, Daniel Curtis wrote:
>> Hi andika.
>> Another INVALID packet description. I read a lot of
>> information and I don't know what is the truth. Frankly,
>> the first time I see a description, which concerns RAM memory.
>> So, I have a 1 GB of RAM memory. Just for example; free -m
>> command result;
>> used: 640, free: 230
>> and top command;
>> 891896k total, 677284k used, 214612k free
>> As we can see, system detected 870 MB instead 1 GB (1024 MB).
>> So what is the relationship between INVALID packets and RAM
>> memory? Honestly, I don't understand it.
> The infomation about connections is stored in
> /proc/net/ip_conntrack. The maximum connections
> being tracked are configured in
> /proc/sys/net/ipv4/netfilter/ip_conntrack_max.
> If you have a lot of connections, you might want
> to increase the values (f.e. if you use bittorrent
> or similar protocols). Every connections beeing
> tracked needs some RAM. 
> You could also check, if the connections timed
> out and then increase the timeout values.
> HTH Rolf
> -- 
> Tres tristes tigres comen trigo en un trigal: un tigre, dos tigres, tres tigres.
> -- 
> To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: [🔎] 20130409195137.GU26658@vzsze.de">http://lists.debian.org/[🔎] 20130409195137.GU26658@vzsze.de

Reply to: