diff -urNp ref/net/ipv4/netfilter/ip_conntrack_core.c 2.4.20pre5aa1/net/ipv4/netfilter/ip_conntrack_core.c
--- ref/net/ipv4/netfilter/ip_conntrack_core.c	Thu Aug 29 02:13:21 2002
+++ 2.4.20pre5aa1/net/ipv4/netfilter/ip_conntrack_core.c	Fri Aug 30 06:29:53 2002
@@ -47,6 +47,9 @@
 
 #define IP_CONNTRACK_VERSION	"2.1"
 
+/* Multiplier used to avoid hash clashes - should be a prime, and better not 2. */
+#define HASH_CONNTRACK_SRC_MULTIPLIER 7
+
 #if 0
 #define DEBUGP printk
 #else
@@ -114,12 +117,13 @@ hash_conntrack(const struct ip_conntrack
 	dump_tuple(tuple);
 #endif
 	/* ntohl because more differences in low bits. */
+	/* ports must be outside ntohl or else they will add to high bits. */
 	/* To ensure that halves of the same connection don't hash
-	   clash, we add the source per-proto again. */
-	return (ntohl(tuple->src.ip + tuple->dst.ip
-		     + tuple->src.u.all + tuple->dst.u.all
-		     + tuple->dst.protonum)
-		+ ntohs(tuple->src.u.all))
+	   clash, we use a multiplier for the src port. */
+	return (ntohl(tuple->src.ip + tuple->dst.ip)
+		+ HASH_CONNTRACK_SRC_MULTIPLIER * ntohs (tuple->src.u.all) 
+		+ ntohs (tuple->dst.u.all)
+		+ tuple->dst.protonum)
 		% ip_conntrack_htable_size;
 }
 
