[LARTC] ip_conntrack: table full, dropping packet.

* [LARTC] ip_conntrack: table full, dropping packet.
@ 2002-03-01 22:22 Carles Pina i Estany
  0 siblings, 0 replies; only message in thread
From: Carles Pina i Estany @ 2002-03-01 22:22 UTC (permalink / raw)
  To: lartc

Hi,

I know that this is a known problem but I don't know the solution.

I have a linux server with iptables, kernel 2.4.17.

Now in logs appear (Debian):

kern.log:

Mar  1 23:12:55 cpie kernel: ip_conntrack: table full, dropping packet.
Mar  1 23:13:56 cpie last message repeated 10 times
Mar  1 23:13:59 cpie last message repeated 3 times
Mar  1 23:14:10 cpie kernel: NET: 1 messages suppressed.
Mar  1 23:14:10 cpie kernel: ip_conntrack: table full, dropping packet.
Mar  1 23:14:46 cpie last message repeated 2 times
Mar  1 23:15:51 cpie last message repeated 6 times
Mar  1 23:16:52 cpie last message repeated 6 times
Mar  1 23:17:26 cpie last message repeated 4 times
cpie:/var/log#

messages.log:

Mar  1 23:14:10 cpie kernel: ip_conntrack: table full, dropping packet.
bla bla bla
Mar  1 23:14:46 cpie last message repeated 2 times
Mar  1 23:15:51 cpie last message repeated 6 times
Mar  1 23:16:52 cpie last message repeated 6 times
Mar  1 23:17:26 cpie last message repeated 4 times
Mar  1 23:18:56 cpie last message repeated 9 times

And more information:

cpie:~# netstat -putan|wc -l
     28
cpie:~#

cpie:~# cat /proc/net/ip_conntrack |wc -l
   5810
cpie:~#

cpie:~# cat /proc/sys/net/ipv4/ip_conntrack_max
6000
cpie:~#

The connection from ip_conntract are like these:

tcp      6 351960 ESTABLISHED srcäsdf dst=asdf sport\x1445
dport
F62 srcﬂasdf0 dstﬂdfd sportF62 dport\x1445 [ASSURED]
use=1
tcp      6 345355 ESTABLISHED src=asdfasdf8 dst=asdf sport&49
dport
F62 src=sdfasd dstﬂdf sportF62 dport&49 [ASSURED]
use=1

How can I "flush" all connection track?

I have compiled iptables into kernel, not as module.

Any ideas?

Thank you very much!

----
Carles Pina i Estany | Nick: Pinux / Pine / Teufeus
E-Mail: carles.pina@salleURL.edu / is08139@salleURL.edu / cpina@cat-linux.com
http://www.salleURL.edu/~is08139/

   286+10086 +100H6 +100X5.00000011. Well...let's call it Pentium.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

^ permalink raw reply	[flat|nested] only message in thread