Mailinglist Archive: opensuse-security (228 mails)

< Previous Next >
Re: [suse-security] still have problems with "kernel: ip_conntrack: table full, dropping packet."
  • From: Ralf Ronneburger <ralf@xxxxxxxxxxxxxx>
  • Date: Wed, 09 Mar 2005 11:15:17 +0100
  • Message-id: <422ECCB5.8080600@xxxxxxxxxxxxxx>
Hi Sven,

Sven 'Darkman' Michels wrote:

nope, you can raise the number of possible conntrack entries. It depends
on how much ram your box have but usually doubleing the value is no
problem. Simply do:
echo 65520 > /proc/sys/net/ipv4/ip_conntrack_max
(or if unsure about ram usage, make it just 1.5 or so)

yes, agreed. But to know how close you are to your limit (RAM-limit or whatever limit you've set) you can still use slabinfo. And eventually (because of some overflow) you'll reach every limit.



< Previous Next >