2.4.22-1.2115.nptl and ip_conntrack_max
Jean-Rene Cormier
jean-rene.cormier at cipanb.ca
Wed Jun 9 11:14:46 UTC 2004
On Wed, 2004-06-09 at 04:03, Naoki wrote:
> Hi all, networking question.
>
> I have a /proc/sys/net/ipv4/ip_conntrack_max value of 65528 but still seeing loads of these messages and the machine loses connectivity.
>
>
> NET: 990 messages suppressed.
> ip_conntrack: table full, dropping packet.
> NET: 88 messages suppressed.
> ip_conntrack: table full, dropping packet.
> ip_conntrack: table full, dropping packet.
> ip_conntrack: table full, dropping packet.
> ip_conntrack: table full, dropping packet.
> ip_conntrack: table full, dropping packet.
> ip_conntrack: table full, dropping packet.
> NET: 158 messages suppressed.
> ip_conntrack: table full, dropping packet.
> NET: 860 messages suppressed.
>
> Other than turning off iptables any ideas?

The only time I saw my conntrack table getting full was when there was a
computer running another OS with some backdoor or virus on it that was
sending a lot of packets. The Linux box couldn't handle all those
packets and became so slow I couldn't even log in. Took me a while to
figure out that one.
Check in your /proc/net/ip_conntrack to see why your table is full.
--
Jean-Rene Cormier <jean-rene.cormier at cipanb.ca>