Mailinglist Archive: opensuse-security (228 mails)

< Previous Next >
Re: [suse-security] still have problems with "kernel: ip_conntrack: table full, dropping packet."
  • From: Marc Samendinger <marc.samendinger@xxxxxxxxxxxx>
  • Date: Wed, 9 Mar 2005 10:44:48 +0100
  • Message-id: <20050309094448.GF14027@xxxxxxxxxxxxxxxxxxxxxx>
On Wed, Mar 09, 2005 at 10:28:46AM +0100, Ralf Ronneburger wrote:
> Hi Marc,
>
> Marc Samendinger wrote:
>
> ><snip>
> >
> >Any tips on what to do with my SuSE 9.0 box?
> ></snip>
> >
> >
> do you have an ftp-server behind the box? What I found out for SuSE 9.0
> is, that ftp-connections through the firewall boost up the
> connection-usage. Besides you can find out, how close you are to the

theres no ftp server behind the gateway. And

> "kernel: ip_conntrack: table full, dropping packet." messages, when you
> check the following:
>
> linux:~ # cat /proc/slabinfo | grep ip_conntrack
> ip_conntrack 32566 32772 320 2729 2731 1

I haven't known that one thanks.
But the machine is allready rebooted, I'll check this next time.

> linux:~ # cat /proc/sys/net/ipv4/ip_conntrack_max
> 32760

> Once the the number of currently active objects (in this case 32566)
> gets up to the number configured in ip_conntrack_max, then you'll get
> the "dropping packet"-message in /var/log/messages and then afaik all
> you can do is reboot.
>
> Greetings,
>
> Ralf

Thanks for your efforts
marc

< Previous Next >