Mailinglist Archive: opensuse-security (228 mails)

< Previous Next >
Re: [suse-security] still have problems with "kernel: ip_conntrack: table full, dropping packet."
  • From: Ralf Ronneburger <ralf@xxxxxxxxxxxxxx>
  • Date: Thu, 31 Mar 2005 16:42:21 +0200
  • Message-id: <424C0C4D.3040604@xxxxxxxxxxxxxx>
Hi Sandu,

I'm picking up this thread again, as the latest kernel patch for 9.2 is supposed to have a fix for that problem ("A dst leak problem in the ip_conntrack module of the iptables firewall was fixed. Only SUSE Linux versions using the 2.6 kernels are affected."). Does this fix it for you or for anybody else with the same problem on 9.2? The reason for my question - if it does not fix it, then there's no reason for me to update from 9.0 to 9.2, otherwise this would be a very strong reason to do so.

Thanks and greetings,

Ralf

Sandu Mihai wrote:

Upgrading to SuSE 9.2 will not solve the problem in any way. I had the same problem, and it was solved by removing the ip_conntrack module from that server.
I have tryied to bump up the conntrack table size using /etc/sysctl.conf and boot.sysctl, it had no effect whatsoever. The system in question is a SuSE 9.2 Proffesional with the latest patches applied.



< Previous Next >