Upgrading to SuSE 9.2 will not solve the problem in any way. I had the same problem, and it was solved by removing the ip_conntrack module from that server. I have tried to bump up the conntrack table size using /etc/sysctl.conf and boot.sysctl; it had no effect whatsoever. The system in question is a SuSE 9.2 Professional with the latest patches applied.

lr2-tit1:~ # cat /etc/SuSE-release
SuSE Linux 9.2 (i586)
VERSION = 9.2
lr2-tit1:~ # uname -a
Linux lr2-tit1 2.6.8-24.11-default #1 Fri Jan 14 13:01:26 UTC 2005 i686 athlon i386 GNU/Linux
lr2-tit1:~ #
lr2-tit1:~ # lsmod
Module                  Size  Used by
af_packet              20872  0
evdev                   8960  0
joydev                  9664  0
sg                     35872  0
st                     37404  0
sd_mod                 16912  0
sr_mod                 16292  0
ide_cd                 38176  0
cdrom                  36508  2 sr_mod,ide_cd
nvram                   8328  0
edd                    10012  0
ipt_REJECT              6784  15
cls_u32                 8452  247
ipt_TOS                 2560  2
sch_htb                23808  2
iptable_mangle          2944  1
iptable_filter          3072  1
ip_tables              17664  4 ipt_REJECT,ipt_TOS,iptable_mangle,iptable_filter
ipv6                  237312  33
via_agp                 8960  1
agpgart                32168  1 via_agp
sata_via                7428  0
libata                 41860  1 sata_via
scsi_mod              111052  5 sg,st,sd_mod,sr_mod,libata
subfs                   7552  1
r8169                  18184  0
dm_mod                 54524  0
usbcore               106724  1
sk98lin               173676  1
ext3                  115688  2
jbd                    61348  1 ext3
lr2-tit1:~ # cat /etc/sysctl.conf
# Disable response to broadcasts.
# You don't want yourself becoming a Smurf amplifier.
net.ipv4.icmp_echo_ignore_broadcasts = 1
# enable route verification on all interfaces
net.ipv4.conf.all.rp_filter = 1
# enable ipV6 forwarding
#net.ipv6.conf.all.forwarding = 1
net.ipv4.netfilter.ip_conntrack_max = 65535

Best regards,
Sandu Mihai

Carl E. Hartung wrote:
On Thursday 24 February 2005 06:27, Ralf Ronneburger wrote: <snip>
Does anybody have the same problem and hopefully a solution? Any ideas how I can at least find out, which packets are dropped?
Hi Ralf,
This looked like an interesting problem to me last time it came up. I don't have an answer for you and since you haven't found one yet and it's been a month, I tried a little Google research. My search string was just the kernel error message, as you'll see, and the results:
"Results 1 - 10 of about 6,550 for linux kernel: ip_conntrack: table full, dropping packet. (0.88 seconds)"
Briefly scanning several pages of the results leads me to believe this problem isn't at all unique to SuSE and is somehow related to the 2.4 kernel.
Maybe it's time for you to become more aggressive in your research or to upgrade that system? ... to SLES9, perhaps, or even 9.2 with the current kernel? ... given the server's important job and the volume of traffic it's handling?
Just my two cents to throw in the hat. Good luck & regards,
- Carl
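
One way to see what is filling the connection-tracking table when the "ip_conntrack: table full, dropping packet" message appears, as an added example that is not part of the original thread: it summarises a dump in the /proc/net/ip_conntrack text format by protocol/state and by originating source address. The function names and the sample entries (documentation address ranges) are constructed for illustration, and the proc file is only present while the ip_conntrack module is loaded.

```shell
#!/bin/sh
# Summarise a conntrack table dump (text format of /proc/net/ip_conntrack).
# On a live system: conntrack_summary < /proc/net/ip_conntrack

# Constructed sample entries, not taken from the thread.
sample_conntrack() {
cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=1025 dport=80 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=1025 [ASSURED] use=1
tcp      6 110 SYN_SENT src=192.0.2.77 dst=198.51.100.5 sport=4001 dport=80 [UNREPLIED] src=198.51.100.5 dst=192.0.2.77 sport=80 dport=4001 use=1
tcp      6 112 SYN_SENT src=192.0.2.77 dst=198.51.100.5 sport=4002 dport=80 [UNREPLIED] src=198.51.100.5 dst=192.0.2.77 sport=80 dport=4002 use=1
tcp      6 95 TIME_WAIT src=192.0.2.10 dst=198.51.100.5 sport=1026 dport=80 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=1026 [ASSURED] use=1
udp      17 25 src=192.0.2.77 dst=198.51.100.53 sport=32768 dport=53 [UNREPLIED] src=198.51.100.53 dst=192.0.2.77 sport=53 dport=32768 use=1
tcp      6 115 SYN_SENT src=192.0.2.77 dst=198.51.100.5 sport=4003 dport=80 [UNREPLIED] src=198.51.100.5 dst=192.0.2.77 sport=80 dport=4003 use=1
EOF
}

# Reads table lines on stdin and prints "src <addr> <count>" and
# "state <proto>/<state> <count>" lines, highest count first in each group.
conntrack_summary() {
    awk '
    {
        proto = $1
        # TCP entries carry a state name in field 4; other protocols do not.
        state = (proto == "tcp") ? $4 : "-"
        states[proto "/" state]++
        # The first src= field is the original direction (the initiator).
        for (i = 1; i <= NF; i++)
            if ($i ~ /^src=/) { srcs[substr($i, 5)]++; break }
    }
    END {
        for (k in states) print "state", k, states[k]
        for (k in srcs)   print "src", k, srcs[k]
    }' | sort -k1,1 -k3,3nr -k2,2
}

# Demonstration on the constructed sample.
sample_conntrack | conntrack_summary
```

A table dominated by one source address or by half-open (SYN_SENT, UNREPLIED) entries points at the traffic that is exhausting the table, which helps decide between raising the limit, shortening timeouts, or filtering that traffic.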