On Wed, 2004-06-09 at 04:03, Naoki wrote: > Hi all, networking question. > > I have a /proc/sys/net/ipv4/ip_conntrack_max value of 65528 but still seeing loads of these messages and the machine loses connectivity. > > > NET: 990 messages suppressed. > ip_conntrack: table full, dropping packet. > NET: 88 messages suppressed. > ip_conntrack: table full, dropping packet. > ip_conntrack: table full, dropping packet. > ip_conntrack: table full, dropping packet. > ip_conntrack: table full, dropping packet. > ip_conntrack: table full, dropping packet. > ip_conntrack: table full, dropping packet. > NET: 158 messages suppressed. > ip_conntrack: table full, dropping packet. > NET: 860 messages suppressed. > > Other than turning off iptables any ideas? The only time I saw my conntrack table getting full was when there was a computer running another OS with some backdoor or virus on it that was sending a lot of packets, the Linux box couldn't handle all those packets and became so slow I couldn't even log in. Took me a while to figure out that one. Check in your /proc/net/ip_conntrack to see why your table is full. -- Jean-Rene Cormier <jean-rene.cormier@xxxxxxxxx>
