--- linux-2.6.13.1/net/ipv4/netfilter/ip_conntrack_core.c.orig	2005-09-14 12:22:35.000000000 +0200
+++ linux-2.6.13.1/net/ipv4/netfilter/ip_conntrack_core.c	2008-03-17 01:22:46.000000000 +0100
@@ -1135,13 +1135,7 @@
  	if (hashsize) {
  		ip_conntrack_htable_size = hashsize;
  	} else {
-		ip_conntrack_htable_size
-			= (((num_physpages << PAGE_SHIFT) / 16384)
-			   / sizeof(struct list_head));
-		if (num_physpages > (1024 * 1024 * 1024 / PAGE_SIZE))
-			ip_conntrack_htable_size = 8192;
-		if (ip_conntrack_htable_size < 16)
-			ip_conntrack_htable_size = 16;
+		ip_conntrack_htable_size = 256;
 	}
 	ip_conntrack_max = 8 * ip_conntrack_htable_size;
 
--- linux-2.6.13.1/net/ipv4/netfilter/ip_conntrack_proto_tcp.c.orig	2008-03-17 01:31:04.000000000 +0100
+++ linux-2.6.13.1/net/ipv4/netfilter/ip_conntrack_proto_tcp.c	2008-03-17 01:29:57.000000000 +0100
@@ -50,7 +50,7 @@
 /* "Be conservative in what you do, 
     be liberal in what you accept from others." 
     If it's non-zero, we mark only out of window RST segments as INVALID. */
-int ip_ct_tcp_be_liberal = 0;
+int ip_ct_tcp_be_liberal = 1;
 
 /* When connection is picked up from the middle, how many packets are required
    to pass in each direction when we assume we are in sync - if any side uses