LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Red Hat
User Name
Password
Red Hat This forum is for the discussion of Red Hat Linux.

Notices

Reply
 
Search this Thread
Old 01-22-2008, 04:49 AM   #1
masterross
Member
 
Registered: Nov 2005
Distribution: Slack 10.2, CentOS 4.x
Posts: 83

Rep: Reputation: 17
ip_conntrack: table full, dropping packet


hello,

I have problem with ip_conntrack.
Seems like it's overloaded

I'm on CentOS 5.0
custom kernel 2.6.18.2

here is the msg:
Code:
Jan 22 12:46:11 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:46:16 rsn kernel: printk: 395 messages suppressed.
Jan 22 12:46:16 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:46:21 rsn kernel: printk: 403 messages suppressed.
Jan 22 12:46:21 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:46:27 rsn kernel: printk: 326 messages suppressed.
Jan 22 12:46:27 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:46:31 rsn kernel: printk: 343 messages suppressed.
Jan 22 12:46:31 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:46:36 rsn kernel: printk: 447 messages suppressed.
Jan 22 12:46:36 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:46:41 rsn kernel: printk: 313 messages suppressed.
Jan 22 12:46:41 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:46:46 rsn kernel: printk: 374 messages suppressed.
Jan 22 12:46:46 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:46:51 rsn kernel: printk: 590 messages suppressed.
Jan 22 12:46:51 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:46:56 rsn kernel: printk: 497 messages suppressed.
Jan 22 12:46:56 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:47:01 rsn kernel: printk: 447 messages suppressed.
Jan 22 12:47:01 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:47:06 rsn kernel: printk: 450 messages suppressed.
Jan 22 12:47:06 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:47:11 rsn kernel: printk: 322 messages suppressed.
Jan 22 12:47:11 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:47:16 rsn kernel: printk: 372 messages suppressed.
Jan 22 12:47:16 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:47:21 rsn kernel: printk: 390 messages suppressed.
Jan 22 12:47:21 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:47:26 rsn kernel: printk: 377 messages suppressed.
Jan 22 12:47:26 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:47:31 rsn kernel: printk: 445 messages suppressed.
Jan 22 12:47:31 rsn kernel: ip_conntrack: table full, dropping packet.
Jan 22 12:47:36 rsn kernel: printk: 374 messages suppressed.
Jan 22 12:47:36 rsn kernel: ip_conntrack: table full, dropping packet.
any suggestions?
 
Old 01-22-2008, 05:18 AM   #2
masterross
Member
 
Registered: Nov 2005
Distribution: Slack 10.2, CentOS 4.x
Posts: 83

Original Poster
Rep: Reputation: 17
here is a part of tcpdump -i eth0 -nv


Code:
230.229.http: ., cksum 0xa2aa (correct), ack 7060 win 65535
13:00:06.765765 IP (tos 0x0, ttl 112, id 45285, offset 0, flags [DF], proto: TCP (6), length: 398) 89.4.199.217.60872 > xxx.xxx.xxx.xxx.sso-service: P 0:358(358) ack 1 win 17424
13:00:06.765778 IP (tos 0x0, ttl  64, id 19156, offset 0, flags [DF], proto: TCP (6), length: 40) xxx.xxx.xxx.xxx.sso-service > 89.4.199.217.60872: ., cksum 0x406f (correct), ack 358 win 6432
13:00:06.765871 IP (tos 0x0, ttl  64, id 19157, offset 0, flags [DF], proto: TCP (6), length: 312) xxx.xxx.xxx.xxx.sso-service > 89.4.199.217.60872: P 1:273(272) ack 358 win 6432
13:00:06.765882 IP (tos 0x0, ttl  64, id 19158, offset 0, flags [DF], proto: TCP (6), length: 40) xxx.xxx.xxx.xxx.sso-service > 89.4.199.217.60872: F, cksum 0x3f5e (correct), 273:273(0) ack 358 win 6432
13:00:06.766843 IP (tos 0x0, ttl  57, id 19114, offset 0, flags [DF], proto: TCP (6), length: 60) 195.189.142.140.38756 > xxx.xxx.xxx.xxx.http: S, cksum 0x484a (correct), 366364356:366364356(0) win 5840 <mss 1460,sackOK,timestamp 1508379758 0,nop,wscale 7>
13:00:06.767326 IP (tos 0x0, ttl  57, id 33277, offset 0, flags [DF], proto: TCP (6), length: 60) 195.189.142.140.38757 > xxx.xxx.xxx.xxx.http: S, cksum 0x0194 (correct), 364678547:364678547(0) win 5840 <mss 1460,sackOK,timestamp 1508379758 0,nop,wscale 7>
13:00:06.768583 IP (tos 0x0, ttl 114, id 4100, offset 0, flags [DF], proto: TCP (6), length: 40) 59.95.39.149.navbuddy > xxx.xxx.xxx.xxx.http: ., cksum 0x2faf (correct), ack 7200 win 65535
13:00:06.769084 IP (tos 0x0, ttl 116, id 26020, offset 0, flags [DF], proto: TCP (6), length: 48) 220.224.124.41.citrixadmin > xxx.xxx.xxx.xxx.http: S, cksum 0xa627 (correct), 3034532086:3034532086(0) win 16384 <mss 1460,nop,nop,sackOK>
13:00:06.769105 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: TCP (6), length: 44) xxx.xxx.xxx.xxx.http > 220.224.124.41.citrixadmin: S, cksum 0x8521 (correct), 334449469:334449469(0) ack 3034532087 win 5840 <mss 1460>
13:00:06.769108 IP (tos 0x0, ttl 116, id 26021, offset 0, flags [DF], proto: TCP (6), length: 48) 220.224.124.41.fjappmgrbulk > xxx.xxx.xxx.xxx.http: S, cksum 0x1509 (correct), 4076182529:4076182529(0) win 16384 <mss 1460,nop,nop,sackOK>
13:00:06.769114 IP (tos 0x0, ttl  52, id 10487, offset 0, flags [DF], proto: TCP (6), length: 40) 58.69.51.124.50121 > xxx.xxx.xxx.xxx.sso-service: ., cksum 0xf975 (correct), ack 96 win 16850
13:00:06.769233 IP (tos 0x0, ttl 116, id 26022, offset 0, flags [DF], proto: TCP (6), length: 48) 220.224.124.41.fjmpss > xxx.xxx.xxx.xxx.http: S, cksum 0xa6e5 (correct), 3824818465:3824818465(0) win 16384 <mss 1460,nop,nop,sackOK>
13:00:06.770264 IP (tos 0x0, ttl  57, id 32612, offset 0, flags [DF], proto: TCP (6), length: 52) 195.189.142.140.38683 > xxx.xxx.xxx.xxx.http: ., cksum 0xf4ab (correct), ack 31190 win 65160 <nop,nop,timestamp 1508379759 119928062>
13:00:06.770461 IP (tos 0x0, ttl 110, id 28641, offset 0, flags [DF], proto: TCP (6), length: 48) 24.143.231.119.gdp-port > xxx.xxx.xxx.xxx.sso-service: S, cksum 0x6a7d (correct), 1372683647:1372683647(0) win 64240 <mss 1460,nop,nop,sackOK>
13:00:06.771007 IP (tos 0x0, ttl  52, id 10488, offset 0, flags [DF], proto: TCP (6), length: 40) 58.69.51.124.50121 > xxx.xxx.xxx.xxx.sso-service: F, cksum 0xf974 (correct), 334:334(0) ack 96 win 16850
13:00:06.771014 IP (tos 0x0, ttl  64, id 63042, offset 0, flags [DF], proto: TCP (6), length: 40) xxx.xxx.xxx.xxx.sso-service > 58.69.51.124.50121: ., cksum 0x2227 (correct), ack 335 win 6432
13:00:06.772001 IP (tos 0x0, ttl 115, id 61229, offset 0, flags [DF], proto: TCP (6), length: 40) 91.148.102.104.62080 > xxx.xxx.xxx.xxx.http: ., cksum 0x5b29 (correct), ack 4266 win 65535
13:00:06.772583 IP (tos 0x0, ttl 109, id 55646, offset 0, flags [DF], proto: TCP (6), length: 40) 59.95.78.32.socorfs > xxx.xxx.xxx.xxx.http: ., cksum 0xa2aa (correct), ack 8472 win 64123
13:00:06.773810 IP (tos 0x0, ttl 114, id 4101, offset 0, flags [DF], proto: TCP (6), length: 40) 59.95.39.149.navbuddy > xxx.xxx.xxx.xxx.http: ., cksum 0x2a0f (correct), ack 8640 win 65535
13:00:06.775177 IP (tos 0x0, ttl 116, id 35377, offset 0, flags [DF], proto: TCP (6), length: 48) 85.197.222.45.12868 > xxx.xxx.xxx.xxx.sso-service: S, cksum 0x36dd (correct), 3790126493:3790126493(0) win 65535 <mss 1452,nop,nop,sackOK>
13:00:06.775199 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto: TCP (6), length: 44) xxx.xxx.xxx.xxx.sso-service > 85.197.222.45.12868: S, cksum 0x14f1 (correct), 326962317:326962317(0) ack 3790126494 win 5840 <mss 1460>
13:00:06.775227 IP (tos 0x0, ttl 115, id 17730, offset 0, flags [DF], proto: TCP (6), length: 40) 86.121.19.152.apc-2260 > xxx.xxx.xxx.xxx.http: ., cksum 0xe38f (correct), ack 5760 win 65535
13:00:06.775238 IP (tos 0x0, ttl  64, id 21623, offset 0, flags [DF], proto: TCP (6), length: 4360) xxx.xxx.xxx.xxx.http > 86.121.19.152.apc-2260: . 7200:11520(4320) ack 1 win 7160
13:00:06.776498 IP (tos 0x0, ttl 111, id 56379, offset 0, flags [DF], proto: TCP (6), length: 40) 124.217.42.105.syncserver > xxx.xxx.xxx.xxx.http: ., cksum 0x7b52 (correct), ack 4297 win 65535
13:00:06.776508 IP (tos 0x0, ttl  64, id 43055, offset 0, flags [DF], proto: TCP (6), length: 4336) xxx.xxx.xxx.xxx.http > 124.217.42.105.syncserver: . 5729:10025(4296) ack 0 win 7180
13:00:06.777007 IP (tos 0x0, ttl  52, id 10489, offset 0, flags [DF], proto: TCP (6), length: 40) 58.69.51.124.50123 > xxx.xxx.xxx.xxx.sso-service: ., cksum 0x4b0d (correct), ack 96 win 16850
13:00:06.777991 IP (tos 0x0, ttl 113, id 28754, offset 0, flags [DF], proto: TCP (6), length: 48) 60.50.130.107.etftp > xxx.xxx.xxx.xxx.sso-service: S, cksum 0x4610 (correct), 997555797:997555797(0) win 30492 <mss 1432,nop,nop,sackOK>
13:00:06.777999 IP (tos 0x0, ttl  52, id 10490, offset 0, flags [DF], proto: TCP (6), length: 40) 58.69.51.124.50123 > xxx.xxx.xxx.xxx.sso-service: F, cksum 0x4b0c (correct), 340:340(0) ack 96 win 16850
13:00:06.778005 IP (tos 0x0, ttl  64, id 50103, offset 0, flags [DF], proto: TCP (6), length: 40) xxx.xxx.xxx.xxx.sso-service > 58.69.51.124.50123: ., cksum 0x73be (correct), ack 341 win 6432
13:00:06.779030 IP (tos 0x0, ttl 114, id 7016, offset 0, flags [DF], proto: TCP (6), length: 40) 219.74.32.207.50148 > xxx.xxx.xxx.xxx.sso-service: ., cksum 0x83b3 (correct), ack 68 win 64174
13:00:06.779607 IP (tos 0x0, ttl  57, id 32613, offset 0, flags [DF], proto: TCP (6), length: 52) 195.189.142.140.38683 > xxx.xxx.xxx.xxx.http: F, cksum 0xf4a8 (correct), 1006:1006(0) ack 31190 win 65160 <nop,nop,timestamp 1508379761 119928062>
13:00:06.779614 IP (tos 0x0, ttl  64, id 5831, offset 0, flags [DF], proto: TCP (6), length: 52) xxx.xxx.xxx.xxx.http > 195.189.142.140.38683: ., cksum 0xd75d (correct), ack 1007 win 7035 <nop,nop,timestamp 119928151 1508379761>
13:00:06.779619 IP (tos 0x0, ttl 114, id 7017, offset 0, flags [DF], proto: TCP (6), length: 40) 219.74.32.207.50148 > xxx.xxx.xxx.xxx.sso-service: F, cksum 0x83b2 (correct), 349:349(0) ack 68 win 64174
13:00:06.779624 IP (tos 0x0, ttl  64, id 14969, offset 0, flags [DF], proto: TCP (6), length: 40) xxx.xxx.xxx.xxx.sso-service > 219.74.32.207.50148: ., cksum 0x6541 (correct), ack 350 win 6432
13:00:06.779628 IP (tos 0x0, ttl  57, id 60438, offset 0, flags [DF], proto: TCP (6), length: 52) 195.189.142.140.38680 > xxx.xxx.xxx.xxx.http: F, cksum 0x4b9c (correct), 1023:1023(0) ack 1073 win 7497 <nop,nop,timestamp 1508379761 119927985>
13:00:06.779634 IP (tos 0x0, ttl  64, id 33208, offset 0, flags [DF], proto: TCP (6), length: 52) xxx.xxx.xxx.xxx.http > 195.189.142.140.38680: ., cksum 0x4c4d (correct), ack 1024 win 7154 <nop,nop,timestamp 119928151 1508379761>
13:00:06.781784 IP (tos 0x0, ttl 111, id 45286, offset 0, flags [DF], proto: TCP (6), length: 52) 89.4.199.217.60896 > xxx.xxx.xxx.xxx.sso-service: S, cksum 0x86cc (correct), 2367669736:2367669736(0) win 16384 <mss 1452,nop,wscale 0,nop,nop,sackOK>
13:00:06.782700 IP (tos 0x0, ttl  52, id 10491, offset 0, flags [DF], proto: TCP (6), length: 40) 58.69.51.124.50124 > xxx.xxx.xxx.xxx.sso-service: ., cksum 0x110e (correct), ack 140 win 16806
13:00:06.782988 IP (tos 0x0, ttl 122, id 31630, offset 0, flags [DF], proto: TCP (6), length: 40) 86.82.152.254.21041 > xxx.xxx.xxx.xxx.sso-service: ., cksum 0xec46 (correct), ack 68 win 64174
13:00:06.783681 IP (tos 0x0, ttl  52, id 10492, offset 0, flags [DF], proto: TCP (6), length: 40) 58.69.51.124.50124 > xxx.xxx.xxx.xxx.sso-service: F, cksum 0x110d (correct), 336:336(0) ack 140 win 16806
13:00:06.783687 IP (tos 0x0, ttl  64, id 57517, offset 0, flags [DF], proto: TCP (6), length: 40) xxx.xxx.xxx.xxx.sso-service > 58.69.51.124.50124: ., cksum 0x3993 (correct), ack 337 win 6432
13:00:06.784047 IP (tos 0x0, ttl  51, id 52171, offset 0, flags [DF], proto: TCP (6), length: 40) 195.142.236.12.40173 > xxx.xxx.xxx.xxx.http: ., cksum 0xcbc8 (correct), ack 1 win 65535
13:00:06.785826 IP (tos 0x0, ttl  51, id 52172, offset 0, flags [DF], proto: TCP (6), length: 728) 195.
where xxx.xxx.xxx.xxx in my server IP
 
Old 01-23-2008, 08:11 AM   #3
masterross
Member
 
Registered: Nov 2005
Distribution: Slack 10.2, CentOS 4.x
Posts: 83

Original Poster
Rep: Reputation: 17
So there are no Linux gurus here? Right?
 
Old 02-04-2008, 08:48 AM   #4
alose
Member
 
Registered: Dec 2004
Location: Fort Myers, FL
Distribution: Mandrake
Posts: 32

Rep: Reputation: 15
Your ip_conntrack table is full. This is the table the kernel uses to track forwarded packets. To see how many connections are currently being tracked :
Code:
sysctl net.ipv4.netfilter.ip_conntrack_max
It should be safe to double the number:
Code:
sysctl -w  net.ipv4.netfilter.ip_conntrack_max=2x#
Should that not cause any problems edit
Code:
/etc/sysctl.conf
and add the following line:
Code:
net.ipv4.netfilter.ip_conntrack_max=2x#
This will make the change permanent should you need to reboot the box.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ip_conntrack table full csdhiman Linux - Server 10 03-14-2008 10:11 AM
ip_conntrack,table full. santhosh23 Linux - Networking 1 07-28-2007 12:36 AM
ip_conntrack: table full, dropping packet. ingerul Linux - Networking 9 12-03-2004 01:46 PM
ip_conntrack table full Skunk_Face Linux - Security 1 11-01-2004 05:14 PM
ip_conntrack table full despite relatively few connections tvynr Linux - Networking 3 10-04-2004 05:03 PM


All times are GMT -5. The time now is 03:01 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration