ip_contrackt message

ip_contrackt message

[Erwin Ambrosch]

Hi all,

I'm using iptables-1.2.5-3 and got the following messages in my logfile.
Please can one say me what exactly does this mean.

....
Aug 27 16:28:59 paul kernel: NET: 6 messages suppressed.
Aug 27 16:28:59 paul kernel: ip_conntrack: table full, dropping packet.
Aug 27 16:29:04 paul kernel: NET: 7 messages suppressed.
Aug 27 16:29:04 paul kernel: ip_conntrack: table full, dropping packet.
Aug 27 16:29:08 paul kernel: NET: 7 messages suppressed.
Aug 27 16:29:08 paul kernel: ip_conntrack: table full, dropping packet.
Aug 27 16:29:14 paul kernel: NET: 9 messages suppressed.
Aug 27 16:29:14 paul kernel: ip_conntrack: table full, dropping packet.
Aug 27 16:29:19 paul kernel: NET: 7 messages suppressed.
Aug 27 16:29:19 paul kernel: ip_conntrack: table full, dropping packet.
....


Thanks in advance

Erwin

RE: ip_contrackt message

[Mark E. Donaldson]

Can't say I've ever seen this before but I might venture to guess you State
Table has filled up and can accept no more connections.   The number of
connection allowed by default is determined by the amount of RAM your
machine has, i.e. 128 MB of RAM you will get 8192 possible entries and with
256 MB of RAM you will get 16376 entries, etc. You might try increasing the
number of permitted table entries by setting
/proc/sys/net/ipv4/ip_conntrack_max to a
higher number and see if the system corrects itself.  This is just a guess.

-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org]On Behalf Of Erwin Ambrosch
Sent: Wednesday, August 27, 2003 1:44 PM
To: netfilter@lists.netfilter.org
Subject: ip_contrackt message


Hi all,

I'm using iptables-1.2.5-3 and got the following messages in my logfile.
Please can one say me what exactly does this mean.

....
Aug 27 16:28:59 paul kernel: NET: 6 messages suppressed.
Aug 27 16:28:59 paul kernel: ip_conntrack: table full, dropping packet.
Aug 27 16:29:04 paul kernel: NET: 7 messages suppressed.
Aug 27 16:29:04 paul kernel: ip_conntrack: table full, dropping packet.
Aug 27 16:29:08 paul kernel: NET: 7 messages suppressed.
Aug 27 16:29:08 paul kernel: ip_conntrack: table full, dropping packet.
Aug 27 16:29:14 paul kernel: NET: 9 messages suppressed.
Aug 27 16:29:14 paul kernel: ip_conntrack: table full, dropping packet.
Aug 27 16:29:19 paul kernel: NET: 7 messages suppressed.
Aug 27 16:29:19 paul kernel: ip_conntrack: table full, dropping packet.
....


Thanks in advance

Erwin

Re: ip_contrackt message

[Ralf Spenneberg]

Am Mit, 2003-08-27 um 22.44 schrieb Erwin Ambrosch:
> Hi all,
> 
> I'm using iptables-1.2.5-3 and got the following messages in my logfile.
> Please can one say me what exactly does this mean.
Apparently your ip_conntrack table is full. This table has a maximum
size:
/proc/net/ipv4/ip_conntrack_max
You can set it using 
echo X > /proc/net/ipv4/ip_conntrack_max
Replace X with a number.

Read up on conntrack_max and remember to set the hashsize for
performance issues.

Cheers,

Ralf
-- 
Ralf Spenneberg
RHCE, RHCX

Book: Intrusion Detection für Linux Server   http://www.spenneberg.com
IPsec-Howto				     http://www.ipsec-howto.org
Honeynet Project Mirror:                     http://honeynet.spenneberg.org