
I manage a Linux server which also works as a router, and routes between the following networks:

  • PPPoE (to connect to ISP) (default gw)
  • wired network
  • 2x VPN networks (PPTP and openVPN)
  • wireless AP (DHCP)

All hosts are reachable from the Linux server, the WAN, WiFi, VPN and LAN clients. But sometimes from the LAN and AP, I can't access some webpages; here is an example: right now 8tracks.com is unreachable (23.23.196.130).

First I try to reach it from the AP (same result if I try from the LAN): connection established, request sent, but no answer comes.

The connection is closed after 7 seconds.

Then I connected from the server, and the page loaded successfully.

The other weird thing: if I try to connect through the VPN, the connection is successful.

I have the same routing settings for all networks; firewall rules are unified for all interfaces.

I have no idea why the connection behaves differently on other interfaces with the same configuration.

Netdump from an AP client and from the server

1 Answer

You probably have a legion of masqueraded/NATed connections, too. Linux handles them in a static hash table, which can overflow. After that, you will get exactly this mystic problem.

A command

cat /proc/sys/net/netfilter/nf_conntrack_max

tells you the upper limit of this hash map. Multiply this by 13 and set it with the command

echo #muchbiggernumber# >/proc/sys/net/netfilter/nf_conntrack_max

If it was the cause of your problem, you can make this change permanent by editing /etc/sysctl.conf intuitively.
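A small script that puts the above check together, as an added example that is not part of the answer: it compares nf_conntrack_count against nf_conntrack_max (both live in /proc/sys/net/netfilter on a kernel with conntrack loaded), reports how full the table is, and prints the sysctl lines that would apply the answer's 13x rule of thumb. The file paths are parameters so it can be run against constructed sample files; the 80% warning threshold is an assumption of this example.

```sh
#!/bin/sh
# Added example (not from the original answer). Checks how full the
# conntrack table is and shows the sysctl lines that would raise the limit.
# Paths default to the real /proc files but can be overridden so the
# functions also run offline against constructed sample files.

CT_MAX_FILE="${CT_MAX_FILE:-/proc/sys/net/netfilter/nf_conntrack_max}"
CT_COUNT_FILE="${CT_COUNT_FILE:-/proc/sys/net/netfilter/nf_conntrack_count}"

# usage_percent MAX COUNT -> integer percentage of the table in use
usage_percent() {
    [ "$1" -gt 0 ] || { echo 0; return; }   # guard against division by zero
    echo $(( $2 * 100 / $1 ))
}

# recommended_max MAX -> the answer's rule of thumb: 13 times the current limit
recommended_max() {
    echo $(( $1 * 13 ))
}

# conntrack_report MAXFILE COUNTFILE -> prints a status line; returns 1 when
# the table is at least 80% full (assumed threshold), 0 otherwise
conntrack_report() {
    max=$(cat "$1") || return 2
    count=$(cat "$2") || return 2
    pct=$(usage_percent "$max" "$count")
    printf 'conntrack: %s of %s entries in use (%s%%)\n' "$count" "$max" "$pct"
    if [ "$pct" -ge 80 ]; then
        new_max=$(recommended_max "$max")
        printf 'table nearly full; to raise the limit now run:\n'
        printf '  sysctl -w net.netfilter.nf_conntrack_max=%s\n' "$new_max"
        printf 'and to make it permanent add to /etc/sysctl.conf:\n'
        printf '  net.netfilter.nf_conntrack_max = %s\n' "$new_max"
        return 1
    fi
    return 0
}

# Report on the live system only when the /proc files are readable
# (e.g. on the router itself); otherwise do nothing.
if [ -r "$CT_MAX_FILE" ] && [ -r "$CT_COUNT_FILE" ]; then
    conntrack_report "$CT_MAX_FILE" "$CT_COUNT_FILE" || :
fi
```

Watching the ratio over time (for example from cron) tells you whether the table is actually the bottleneck before raising the limit.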

peterh