10-22-2009, 04:23 AM   #1
ravibhure
ip_conntrack: table full, dropping packet


I am running an intranet website, and for that I have set up iptables for security. When I started iptables, I found my box had disconnected from port 80. I checked the messages and found very interesting things. Can anyone please let me know what the issue is and how to resolve it?

[root@ravi ~]# tail /var/log/messages -n 20
Oct 22 03:05:55 ravi xinetd[12897]: EXIT: nrpe status=0 pid=21613 duration=0(sec)
Oct 22 03:09:16 ravi kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Oct 22 03:09:16 ravi kernel: Netfilter messages via NETLINK v0.30.
Oct 22 03:09:16 ravi kernel: ip_conntrack version 2.4 (8192 buckets, 65536 max) - 304 bytes per conntrack
Oct 22 03:09:52 ravi kernel: printk: 1068 messages suppressed.
Oct 22 03:09:52 ravi kernel: ip_conntrack: table full, dropping packet.
Oct 22 03:09:52 ravi last message repeated 9 times
Oct 22 03:09:57 ravi kernel: printk: 4930 messages suppressed.
Oct 22 03:09:57 ravi kernel: ip_conntrack: table full, dropping packet.
Oct 22 03:10:02 ravi kernel: printk: 7005 messages suppressed.
Oct 22 03:10:02 ravi kernel: ip_conntrack: table full, dropping packet.
Oct 22 03:10:03 ravi kernel: Removing netfilter NETLINK layer.
Oct 22 03:11:10 ravi xinetd[12897]: START: nrpe pid=21826 from=10.1.1.148
Oct 22 03:11:10 ravi xinetd[12897]: EXIT: nrpe status=0 pid=21826 duration=0(sec)

The ip_conntrack module is showing as loaded:
[root@ravi ~]# modinfo ip_conntrack
filename: /lib/modules/2.6.18-128.el5/kernel/net/ipv4/netfilter/ip_conntrack.ko
license: GPL
srcversion: F1390E605BBFB05078B78E8
depends: nfnetlink
vermagic: 2.6.18-128.el5 SMP mod_unload gcc-4.1
module_sig: 883f350497747c575ed35fe9471dce112565509f4b58f4f3e440c6bcc05c2fba9bbdd224bdeb8209e293da385133a876e44a 7b449ba59a882a8282b

but when trying to set the value, it says
'error: "net.ipv4.ip_conntrack_max" is an unknown key'

[root@ravi ~]# sysctl -w net.ipv4.ip_conntrack_max=262144
error: "net.ipv4.ip_conntrack_max" is an unknown key

My OS is CentOS release 5.3 (Final)
Kernel version is 2.6.18-128.el5 (x86_64)
Physical RAM = 16GB
 
10-23-2009, 08:54 AM   #2
fpmurphy
Does an ipv4.ip_conntrack_max entry exist in /proc/sys/net/ipv4?
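
Added example, not part of either post: a shell check for the question above that looks for the conntrack limit under /proc/sys/net/ipv4 and, going beyond the thread, under two other directories where kernels expose it (net/ipv4/netfilter and net/netfilter), then reports how full the table is. The function names and the PROC_ROOT override are hypothetical, there so the logic can be run against a test tree.

```shell
#!/bin/sh
# Added example: locate the conntrack limit key this kernel exposes.
# PROC_ROOT is a hypothetical override for testing; default is /proc/sys.

# Print "<sysctl-key> <max> <count>" for the first limit file found.
# Returns 1 when no candidate exists (e.g. conntrack module not loaded).
find_conntrack_limit() {
    root="${1:-/proc/sys}"
    # Candidate locations (assumption: the last two are not named in the thread)
    for rel in net/ipv4/ip_conntrack_max \
               net/ipv4/netfilter/ip_conntrack_max \
               net/netfilter/nf_conntrack_max; do
        f="$root/$rel"
        [ -r "$f" ] || continue
        max=$(cat "$f")
        # The live-entry counter, where present, sits beside the limit
        cf="${f%_max}_count"
        if [ -r "$cf" ]; then count=$(cat "$cf"); else count="unknown"; fi
        # Convert the path to the dotted name that sysctl -w expects
        echo "$(echo "$rel" | tr / .) $max $count"
        return 0
    done
    return 1
}

# Print one line: the key to tune, its value, and table utilisation.
conntrack_report() {
    line=$(find_conntrack_limit "$1") || {
        echo "no conntrack limit key found; is the conntrack module loaded?"
        return 1
    }
    set -- $line
    key=$1; max=$2; count=$3
    if [ "$count" = "unknown" ] || [ "$max" -eq 0 ]; then
        echo "$key=$max (entry count not available)"
    else
        echo "$key=$max in_use=$count ($((count * 100 / max))%)"
    fi
}

conntrack_report "${PROC_ROOT:-/proc/sys}" || true
```

The key printed first is the name to pass to `sysctl -w`; if nothing is found, the key does not exist at that moment, which is the condition sysctl reports as an unknown key.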
 
  

