I was trying to do what the article at http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.performance.html#conntrack_filling_tables
suggested.

My iptables rules are:

# that's what the mentioned article suggested..I'm not sure it's working!
*raw
-A PREROUTING -p tcp -m tcp --dport 80 -j NOTRACK
COMMIT
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type any -j ACCEPT
# no tracking needed for this
-A INPUT -p tcp --dport 80 -j ACCEPT
# that would be another question but I can't get rid of this while using ssh tunneling
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# ssh port
-A INPUT -p tcp --dport 12345 -j ACCEPT
# my ip
-A INPUT -s 123.123.123.123 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -j DROP
COMMIT

I keep getting these messages on my kernel log:

Apr 13 20:00:41 server kernel: ip_conntrack: table full, dropping packet.
Apr 15 14:23:29 server kernel: ip_conntrack: table full, dropping packet.
Apr 15 20:19:04 server last message repeated 2 times
Apr 16 13:53:58 server kernel: ip_conntrack: table full, dropping packet.
Apr 17 19:05:32 server last message repeated 3 times
Apr 17 21:20:43 server kernel: ip_conntrack: table full, dropping packet.

Is there a way to completely disable ip_conntrack?
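An added example, not part of the original post: a Python check over iptables-save text, run here on a constructed ruleset modelled on the one above. It reports NOTRACK rules with no counterpart for the reverse direction (locally generated replies traverse the raw OUTPUT chain, not PREROUTING, so they are still tracked) and rules using a state match, which keep conntrack in use. The function names are illustrative.

```python
import shlex

# Constructed sample in iptables-save format, modelled on the posted ruleset.
SAMPLE_RULES = """\
*raw
-A PREROUTING -p tcp -m tcp --dport 80 -j NOTRACK
COMMIT
*filter
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j DROP
COMMIT
"""

def parse_rules(text):
    """Yield (table, chain, options) for every -A line."""
    table = None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tok, opts, i = shlex.split(line), {}, 2
            while i < len(tok):
                # An option followed by a non-option token takes it as its value.
                if i + 1 < len(tok) and not tok[i + 1].startswith("-"):
                    opts[tok[i]] = tok[i + 1]
                    i += 2
                else:
                    opts[tok[i]] = True
                    i += 1
            yield table, tok[1], opts

def untracked_gaps(text):
    """Return (chain, proto, dport, sport) NOTRACK rules that are missing."""
    rules = [(c, o) for t, c, o in parse_rules(text)
             if t == "raw" and o.get("-j") == "NOTRACK"]
    have = {(c, o.get("-p"), o.get("--dport"), o.get("--sport")) for c, o in rules}
    gaps = []
    for chain, o in rules:
        if chain == "PREROUTING" and o.get("--dport"):
            need = ("OUTPUT", o.get("-p"), None, o["--dport"])      # replies
        elif chain == "OUTPUT" and o.get("--sport"):
            need = ("PREROUTING", o.get("-p"), o["--sport"], None)  # requests
        else:
            continue
        if need not in have:
            gaps.append(need)
    return gaps

def conntrack_users(text):
    """Return (table, chain, states) for rules that match on connection state."""
    return [(t, c, o.get("--state") or o.get("--ctstate"))
            for t, c, o in parse_rules(text) if "--state" in o or "--ctstate" in o]
```

A gap of `("OUTPUT", "tcp", None, "80")` means the web server's reply packets are still entering the conntrack table even though the inbound requests are exempt.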