[Linux-disciples] What does this mean? (fwd)
Stephen R Laniel
steve at laniels.org
Thu Jul 7 14:40:24 EDT 2005
On Thu, Jul 07, 2005 at 01:18:11PM -0500, Karl Sokol wrote:
> dmesg only shows an endless row of Inbound IN=eth0 etc. etc.

You could do something like

    dmesg |grep 'Inbound IN=eth0' |wc -l

to see precisely how many there are. But in any case, I'd
say that this is overlogging.

> karl at ubuntu:~$ rmmod ip_conntrack
> ERROR: Module ip_conntrack is in use by
> ipt_MASQUERADE,iptable_nat,ip_conntrack_irc,ip_conntrack_ftp,ipt_state
> karl at ubuntu:~$ sudo modprobe -r ip_conntrack
> Password:
> FATAL: Module ip_conntrack is in use.
>
> with ps -aux, I don't see what to kill.

You wouldn't be able to see that sort of thing via ps aux;
it's another module that has ip_conntrack in use, not a
running program.

I'm puzzled that ipt_MASQUERADE and iptable_nat need
ip_conntrack; I thought ip_conntrack was pretty much
superfluous. Huh. ... Okay, now that you mention it,
ip_conntrack loads when I modprobe ipt_MASQUERADE on this
end, too. However, when I modprobe -r ipt_MASQUERADE,
ip_conntrack goes away as well, so it would appear that
ipt_MASQUERADE is the only module that really depends on
ip_conntrack. Your mileage may vary slightly from mine.

I leave it to others to determine whether you actually need
ipt_MASQUERADE. I've only ever used it on Adam's advice,
when I'm using my machine as an iptables router. If you
don't need it, you can just do

    sudo modprobe -r ipt_MASQUERADE

then check whether ip_conntrack is still running via

    lsmod |grep -i conntrack

--
Stephen R. Laniel
steve at laniels.org
+(617) 308-5571
http://laniels.org/
PGP key: http://laniels.org/slaniel.key
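
Added example (not part of the original message): the "in use by" list in the quoted modprobe error is the same information lsmod prints in its "Used by" column, so the holders of a module can be walked from there. The function names and the sample table are assumptions; the module names come from the error above, the sizes and counts are constructed.

```shell
#!/bin/sh
# Constructed sample in lsmod format. Module names come from the error quoted
# in the message; sizes and reference counts are made up for illustration.
SAMPLE_LSMOD='Module                  Size  Used by
ipt_MASQUERADE          4608  1
iptable_nat            23980  2 ipt_MASQUERADE
ip_conntrack_irc       72496  0
ip_conntrack_ftp       73392  0
ipt_state               2304  1
ip_conntrack           42040  5 ipt_MASQUERADE,iptable_nat,ip_conntrack_irc,ip_conntrack_ftp,ipt_state
ip_tables              21120  3 ipt_MASQUERADE,iptable_nat,ipt_state'

# holders_of MODULE (hypothetical helper): read lsmod-format text on stdin and
# print, one per line, the modules named in MODULE's "Used by" column.
holders_of() {
    awk -v m="$1" 'NR > 1 && $1 == m {
        n = split($4, h, ",")
        for (i = 1; i <= n; i++) if (h[i] != "") print h[i]
    }'
}

# unload_order MODULE (hypothetical helper): print MODULE and everything that
# holds it, holders first, i.e. an order in which "modprobe -r" could succeed.
# A reference count with no module name next to it (for example one taken by a
# loaded iptables rule) is not visible here and still blocks removal.
unload_order() {
    awk -v m="$1" '
        NR > 1 { used_by[$1] = $4 }
        function walk(mod,    n, i, h) {
            if (mod in seen) return
            seen[mod] = 1
            n = split(used_by[mod], h, ",")
            for (i = 1; i <= n; i++) if (h[i] != "") walk(h[i])
            print mod
        }
        END { walk(m) }'
}

# Demo on the constructed table; on a live system: lsmod | unload_order ip_conntrack
printf '%s\n' "$SAMPLE_LSMOD" | unload_order ip_conntrack
```

Modules that appear before ip_conntrack in the output are the ones keeping it loaded, which is why nothing shows up in ps.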