LinuxQuestions.org

Linux - Newbie: ip_conntrack: table full, dropping packet (https://www.linuxquestions.org/questions/linux-newbie-8/ip_conntrack-table-full-dropping-packet-763647/)

ravibhure 10-22-2009 03:23 AM

ip_conntrack: table full, dropping packet
 
I am running one intranet website, for which I have set up iptables for security. When I started iptables, I found my box had been disconnected from port 80; I checked the messages and found very interesting things. Can anyone please let me know what the issue is and how to resolve it?

[root@ravi ~]# tail /var/log/messages -n 20
Oct 22 03:05:55 ravi xinetd[12897]: EXIT: nrpe status=0 pid=21613 duration=0(sec)
Oct 22 03:09:16 ravi kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Oct 22 03:09:16 ravi kernel: Netfilter messages via NETLINK v0.30.
Oct 22 03:09:16 ravi kernel: ip_conntrack version 2.4 (8192 buckets, 65536 max) - 304 bytes per conntrack
Oct 22 03:09:52 ravi kernel: printk: 1068 messages suppressed.
Oct 22 03:09:52 ravi kernel: ip_conntrack: table full, dropping packet.
Oct 22 03:09:52 ravi last message repeated 9 times
Oct 22 03:09:57 ravi kernel: printk: 4930 messages suppressed.
Oct 22 03:09:57 ravi kernel: ip_conntrack: table full, dropping packet.
Oct 22 03:10:02 ravi kernel: printk: 7005 messages suppressed.
Oct 22 03:10:02 ravi kernel: ip_conntrack: table full, dropping packet.
Oct 22 03:10:03 ravi kernel: Removing netfilter NETLINK layer.
Oct 22 03:11:10 ravi xinetd[12897]: START: nrpe pid=21826 from=10.1.1.148
Oct 22 03:11:10 ravi xinetd[12897]: EXIT: nrpe status=0 pid=21826 duration=0(sec)

The ip_conntrack module shows as loaded:
[root@ravi ~]# modinfo ip_conntrack
filename: /lib/modules/2.6.18-128.el5/kernel/net/ipv4/netfilter/ip_conntrack.ko
license: GPL
srcversion: F1390E605BBFB05078B78E8
depends: nfnetlink
vermagic: 2.6.18-128.el5 SMP mod_unload gcc-4.1
module_sig: 883f350497747c575ed35fe9471dce112565509f4b58f4f3e440c6bcc05c2fba9bbdd224bdeb8209e293da385133a876e44a7b449ba59a882a8282b

but when I try to set the value for it, sysctl says
'error: "net.ipv4.ip_conntrack_max" is an unknown key':

[root@ravi ~]# sysctl -w net.ipv4.ip_conntrack_max=262144
error: "net.ipv4.ip_conntrack_max" is an unknown key

My os is CentOS release 5.3 (Final)
kernel version is 2.6.18-128.el5 (x86_64)
Physical RAM = 16GB

fpmurphy 10-23-2009 07:54 AM

Does an ipv4.ip_conntrack_max entry exist in /proc/sys/net/ipv4?
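A script that performs the check fpmurphy is asking about, added here as an example and not posted by anyone in the thread: it looks for the conntrack max and count files under /proc/sys, derives the sysctl(8) key name from whichever path exists, and reports how full the table is so the "table full, dropping packet" condition can be caught before packets are dropped. The candidate paths are an assumption on my part (the ip_conntrack names used by 2.6.18-era kernels such as the one in the thread, plus the nf_conntrack names used by later kernels); the base-directory parameter exists only so the functions can be pointed at a constructed fake tree for testing.

```shell
#!/bin/sh
# Added example: report conntrack table usage on kernels using either the
# old ip_conntrack sysctl names or the newer nf_conntrack names.
# BASE defaults to /proc/sys; passing another directory is for testing only.

# first_existing BASE KEY... -> prints the first KEY readable under BASE
first_existing() {
  base="$1"; shift
  for key in "$@"; do
    if [ -r "$base/$key" ]; then
      printf '%s\n' "$key"
      return 0
    fi
  done
  return 1
}

# Candidate locations (assumed): newer nf_conntrack first, then the
# 2.6.18-era ip_conntrack locations, including /proc/sys/net/ipv4.
conntrack_max_key() {
  first_existing "${1:-/proc/sys}" \
    net/netfilter/nf_conntrack_max \
    net/ipv4/netfilter/ip_conntrack_max \
    net/ipv4/ip_conntrack_max
}

conntrack_count_key() {
  first_existing "${1:-/proc/sys}" \
    net/netfilter/nf_conntrack_count \
    net/ipv4/netfilter/ip_conntrack_count
}

# sysctl_name KEY -> the sysctl(8) key name for a /proc/sys-relative path
sysctl_name() {
  printf '%s\n' "$1" | tr / .
}

# conntrack_usage BASE -> prints "<count> <max> <percent>".
# Returns 1 when the keys are missing (module not loaded), 2 when the table
# is at least 90% full, 0 otherwise.
conntrack_usage() {
  base="${1:-/proc/sys}"
  maxkey=$(conntrack_max_key "$base") || {
    echo "no conntrack max key under $base (conntrack module not loaded?)" >&2
    return 1
  }
  cntkey=$(conntrack_count_key "$base") || {
    echo "no conntrack count key under $base" >&2
    return 1
  }
  max=$(cat "$base/$maxkey")
  count=$(cat "$base/$cntkey")
  [ "$max" -gt 0 ] || return 1
  pct=$(( count * 100 / max ))
  printf '%s %s %s\n' "$count" "$max" "$pct"
  [ "$pct" -ge 90 ] && return 2
  return 0
}

# When run as a script, report the live table and the sysctl key that
# actually exists on this kernel; a missing module is reported, not fatal.
if key=$(conntrack_max_key "${CONNTRACK_SYSCTL_BASE:-/proc/sys}"); then
  echo "max key: $(sysctl_name "$key")"
fi
conntrack_usage "${CONNTRACK_SYSCTL_BASE:-/proc/sys}" || true
```

The printed sysctl name is the one to use with sysctl -w; if none of the candidate files exists, the module is not loaded or the kernel uses a different name, and the count/max pair shows how close the table is to the limit reported in the kernel's "ip_conntrack version" line.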
