--- linux-2.6.19.2/net/ipv4/netfilter/ip_conntrack_core.c.orig	2008-09-02 11:49:50.000000000 +0200
+++ linux-2.6.19.2/net/ipv4/netfilter/ip_conntrack_core.c	2008-12-19 18:49:55.000000000 +0100
@@ -1478,13 +1478,7 @@
 	/* Idea from tcp.c: use 1/16384 of memory.  On i386: 32MB
 	 * machine has 256 buckets.  >= 1GB machines have 8192 buckets. */
  	if (!ip_conntrack_htable_size) {
-		ip_conntrack_htable_size
-			= (((num_physpages << PAGE_SHIFT) / 16384)
-			   / sizeof(struct list_head));
-		if (num_physpages > (1024 * 1024 * 1024 / PAGE_SIZE))
-			ip_conntrack_htable_size = 8192;
-		if (ip_conntrack_htable_size < 16)
-			ip_conntrack_htable_size = 16;
+		ip_conntrack_htable_size = 256;
 	}
 	ip_conntrack_max = 8 * ip_conntrack_htable_size;
 
--- linux-2.6.19.2/net/ipv4/netfilter/ip_conntrack_proto_tcp.c.orig	2008-09-02 11:49:50.000000000 +0200
+++ linux-2.6.19.2/net/ipv4/netfilter/ip_conntrack_proto_tcp.c	2008-12-19 18:49:55.000000000 +0100
@@ -49,7 +49,7 @@
 /* "Be conservative in what you do, 
     be liberal in what you accept from others." 
     If it's non-zero, we mark only out of window RST segments as INVALID. */
-int ip_ct_tcp_be_liberal __read_mostly = 0;
+int ip_ct_tcp_be_liberal __read_mostly = 1;
 
 /* When connection is picked up from the middle, how many packets are required
    to pass in each direction when we assume we are in sync - if any side uses