Re: HELP!!! (ip_conntrack: table full)

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: "Warren P" <warrenp@websurfer.co.za>
To: security@ezsm.net, Alpha Technologies <alphaside@yahoo.com>,
	netfilter@lists.netfilter.org
Subject: Re: HELP!!! (ip_conntrack: table full)
Date: Mon, 27 Oct 2003 21:52:53 +0200	[thread overview]
Message-ID: <web-171329066@mail01.infosat.net> (raw)
In-Reply-To: <200309191111.55721.security@ezsm.net>

hi

WRT echo ## > /proc/net/ip_conntrack 

Considering i've got 1gig of RAM ... what is a safe value i
can set ip_conntrack_max to? The current value is 65528

Also when you refer to dropping ip_conntrack ... do mean
like rmmod ip_conntrack.o?

Regards,
Warren P

-----------------------------------------------------------


On Fri, 19 Sep 2003 11:11:53 -0400
 Security <security@ezsm.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> First...here is what is happening:
> 
> Your max setting on the conntrack table can be seen at: 
> cat /proc/sys/net/ipv4/ip_conntrack_max
> 
> Your current number of entries in the conntrack table can
> be found like this:
> cat /proc/net/ip_conntrack | wc -l
> 
> Now, you have 2 choices on how to sort this out...
> 
> 1) raise the limit in /proc/net/ip_conntrack  
> To raise that limit:
> echo ## > /proc/net/ip_conntrack 
> (where ## is the new max you wish to set).
> 
> or 
> 2) flush the conntrack table 
> (for that.I am going to paste in from an earlier post to
> this list)
> 
> Just simply remove the mod ip_conntrac and any dependices
> and re-apply it.
> 
> **Warning** this will require you to drop iptables while
> you do it...which may
> not be a good option depening on your network
> configuration. **/Warning**
> 
> NH
> 
> On Thursday 11 September 2003 4:19 pm, Warren P wrote:
> > hi
> >
> > does anyone know how to clear/flush the ip_conntrack
> table. Every 4 to 6
> > months i need to reboot my server because it drops
> packets and complains
> > that the table is full ...
> >
> > Regards,
> > Warren P
> 
> 
> 
> On Friday 19 September 2003 10:43 am, Alpha Technologies
> wrote:
> > Recently I am having this messages on my system:
> "ip_conntrack: table
> > full". Please i need help. what is happening?
> >
> > This is my info:
> >
> > RedHat 9.0
> > Kernel: 2.4.20-18.9
> >
> >
> > I really apreciate any help.
> >
> > Thanks
> >
> > Pablo Tamayo
> >
> >
> >
> >
> >
> > ---------------------------------
> > Do You Yahoo!?
> > Todo lo que quieres saber de Estados Unidos, América
> Latina y el resto del
> > Mundo. Visíta Yahoo! Noticias.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> 
>
iD8DBQE/axy6PEfiOMhBaIMRAq2CAKCaZ94odX9aX3KaPhqF6pL340poRACffclm
> ySIf03dKHYvJy46KGQpM5M0=
> =cBZI
> -----END PGP SIGNATURE-----
>

next prev parent reply	other threads:[~2003-10-27 19:52 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20030919042818.24451.68672.Mailman@netfilter-sponsored-by.noris.net>
2003-09-19  6:44 ` Error message change request (Sigþór Jarðarson) Frederic de Villamil
2003-09-19 14:43 ` HELP!!! (ip_conntrack: table full) Alpha Technologies
2003-09-19 15:11   ` Security
2003-10-27 19:52     ` Warren P [this message]
2003-10-27 20:09       ` Oskar Andreasson
2003-10-27 20:09       ` NightHawk
2003-10-27 20:46         ` Warren P
2003-10-27 20:53           ` Security
2003-10-27 21:04           ` Oskar Andreasson
2003-10-27 20:21       ` NightHawk
2003-10-29  1:34         ` Edmund Turner
2003-10-29  1:50           ` Security
2003-10-29  1:58           ` Alistair Tonner
2003-10-27 20:23       ` Security
2003-09-19 15:15   ` Nox
2003-09-19 16:06     ` Cedric Blancher
2003-10-27 21:01 Daniel Chemko

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=web-171329066@mail01.infosat.net \
    --to=warrenp@websurfer.co.za \
    --cc=alphaside@yahoo.com \
    --cc=netfilter@lists.netfilter.org \
    --cc=security@ezsm.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox