[NTLUG:Discuss] ip_conntrack questions

Leroy Tennison leroy_tennison at prodigy.net
Fri Jun 9 16:48:27 CDT 2006


Terry Henderson wrote:
> See:
> # cat /proc/net/ip_conntrack
>
> The max number of connections is set in ip_conntrack_max
>
> # cat /proc/sys/net/ipv4/ip_conntrack_max
>
> I think you can increase it with:
>
> # echo "########" > /proc/sys/net/ipv4/ip_conntrack_max
>
> (Where ######## is the new number amount to increase to.)
>
>
> On 6/9/06, m m <llliiilll at hotmail.com> wrote:
>   
>> All:
>>
>> I have been running the same server (RH 6.0) for more than 6 years.
>> Recently I get this message very often -- about every 2-3 weeks.
>>
>> ip_conntrack: table full, dropping packet.
>>
>> I even increased the MAX value.
>> It still happens every 2-3 weeks.
>> Can anyone think of what's going on?
>> Does anyone have a quick way to flush the table without a reboot?
>>
>> If I don't load the module ip_conntrack, should this problem go away?
>>
>> Thanks
>>
>
>
>   
I assume by its name that ip_conntrack is tracking ip connections, right?

If so I'm further speculating that it has to do with iptables' stateful 
inspection processing.  Right?

If so then further speculation is that the number of connections 
attempting to be tracked is being exceeded.  If this is the case 
wouldn't we need to know more about the iptables configuration to 
determine the source of the problem?
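
Added example, not part of the original messages: one way to see what is filling the table is to break the entries in /proc/net/ip_conntrack down by protocol/state and by originating address, and compare the entry count with ip_conntrack_max. The function names are hypothetical and the sample entries are constructed (documentation address ranges) in the usual ip_conntrack line layout.

```sh
#!/bin/sh
# Added example. The /proc paths are the ones named in the thread; the
# function names and the sample data are made up for illustration.

# Entries per protocol/state. TCP lines carry the state in field 4; other
# protocols have no state column, so they are reported as "-".
count_by_state() {
    awk '{ s = ($1 == "tcp") ? $4 : "-"; n[$1 " " s]++ }
         END { for (k in n) print n[k], k }' "$1" | LC_ALL=C sort -k1,1nr -k2
}

# Entries per originating address (the first src= field on each line).
top_sources() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^src=/) { n[substr($i, 5)]++; break } }
         END { for (k in n) print n[k], k }' "$1" |
        LC_ALL=C sort -k1,1nr -k2 | head -n "${2:-10}"
}

# Table fill as a whole-number percentage of the limit given in $2.
table_usage_pct() {
    entries=$(wc -l < "$1")
    echo $(( entries * 100 / $2 ))
}

# Constructed sample table, written to the file named in $1.
write_sample() {
    cat > "$1" <<'EOF'
tcp      6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=40001 dport=80 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=40001 [ASSURED] use=1
tcp      6 431200 ESTABLISHED src=192.0.2.11 dst=198.51.100.5 sport=40002 dport=80 src=198.51.100.5 dst=192.0.2.11 sport=80 dport=40002 [ASSURED] use=1
tcp      6 110 TIME_WAIT src=192.0.2.10 dst=198.51.100.6 sport=40003 dport=25 src=198.51.100.6 dst=192.0.2.10 sport=25 dport=40003 [ASSURED] use=1
tcp      6 55 SYN_SENT src=192.0.2.10 dst=198.51.100.7 sport=40004 dport=25 [UNREPLIED] src=198.51.100.7 dst=192.0.2.10 sport=25 dport=40004 use=1
tcp      6 98 TIME_WAIT src=192.0.2.10 dst=198.51.100.6 sport=40005 dport=25 src=198.51.100.6 dst=192.0.2.10 sport=25 dport=40005 [ASSURED] use=1
udp      17 25 src=192.0.2.12 dst=198.51.100.53 sport=5353 dport=53 [UNREPLIED] src=198.51.100.53 dst=192.0.2.12 sport=53 dport=5353 use=1
EOF
}

# On the affected host, point the same functions at the live table.
table=/proc/net/ip_conntrack
if [ -r "$table" ]; then
    echo "fill: $(table_usage_pct "$table" "$(cat /proc/sys/net/ipv4/ip_conntrack_max)")%"
    count_by_state "$table"
    top_sources "$table" 5
fi
```

A table dominated by one source address or by one state points at the host or the timeout to look at before raising the limit again.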


