Mailinglist Archive: opensuse-security (228 mails)

Re: [suse-security] still have problems with "kernel: ip_conntrack: table full, dropping packet."
  • From: Ralf Ronneburger <ralf@xxxxxxxxxxxxxx>
  • Date: Wed, 09 Mar 2005 10:28:46 +0100
  • Message-id: <422EC1CE.5050603@xxxxxxxxxxxxxx>
Hi Marc,

Marc Samendinger wrote:

<snip>

Any tips on what to do with my SuSE 9.0 box?
</snip>

Do you have an ftp-server behind the box? What I found out for SuSE 9.0 is that ftp-connections through the firewall boost up the connection-usage. Besides, you can find out how close you are to the "kernel: ip_conntrack: table full, dropping packet." messages when you check the following:

linux:~ # cat /proc/slabinfo | grep ip_conntrack
ip_conntrack 32566 32772 320 2729 2731 1
linux:~ # cat /proc/sys/net/ipv4/ip_conntrack_max
32760

Once the number of currently active objects (in this case 32566) gets up to the number configured in ip_conntrack_max, then you'll get the "dropping packet"-message in /var/log/messages and then afaik all you can do is reboot.

Greetings,

Ralf
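
Added example, not part of Ralf's message: the two reads shown above turned into a threshold check that can run from cron before the table fills. The function names and the 80% default threshold are assumptions; the proc paths are the ones from the message.

```shell
#!/bin/sh
# Added example: how full is the connection-tracking table?
# Function names and the 80% default threshold are assumptions.

# conntrack_active SLABINFO
# Print the active-object count (2nd column) of the ip_conntrack cache.
# Exact match on the cache name, so other caches whose names merely
# contain "ip_conntrack" (which a plain grep would also show) are skipped.
conntrack_active() {
    awk '$1 == "ip_conntrack" { print $2; found = 1; exit }
         END { if (!found) exit 1 }' "$1"
}

# conntrack_usage SLABINFO MAXFILE
# Print usage of the table as an integer percentage of ip_conntrack_max.
conntrack_usage() {
    active=$(conntrack_active "$1") || return 2
    max=$(cat "$2" 2>/dev/null) || return 2
    case "$active" in ''|*[!0-9]*) return 2 ;; esac
    case "$max" in ''|*[!0-9]*|0) return 2 ;; esac
    echo $(( $active * 100 / $max ))
}

# conntrack_check SLABINFO MAXFILE [WARN_PCT]
# Exit status: 0 below threshold, 1 at or above it, 2 counters unreadable.
conntrack_check() {
    warn=${3:-80}
    pct=$(conntrack_usage "$1" "$2") || {
        echo "UNKNOWN: cannot read conntrack counters"; return 2; }
    if [ "$pct" -ge "$warn" ]; then
        echo "WARNING: ip_conntrack table ${pct}% full"
        return 1
    fi
    echo "OK: ip_conntrack table ${pct}% full"
}

# Run against the live system only where the proc entries from the
# message exist and are readable.
if [ -r /proc/slabinfo ] && [ -r /proc/sys/net/ipv4/ip_conntrack_max ]; then
    conntrack_check /proc/slabinfo /proc/sys/net/ipv4/ip_conntrack_max || true
fi
```

With the numbers quoted in the message (32566 active objects against a maximum of 32760) the check reports 99% and returns status 1.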