I'm doing NAT for 200 workstations and 2 gre tunels with 4 users each. I also have in mangle table in PRETOURING chain, DROP rules for ports commonly used by blaster, welchia and other worms. I have never seen this problem until now and I did not get the chance to verify it under kernel 2.4.X. I use one class C private with private ips + another 2 class C for tunels. Maybe this message is because my users frequently scan the network with WS_PING to see what users are online (this produces arp-requests for each ip in that ip class)? Alex Iruc ----- Original Message ----- From: "Damjan" <gdamjan@xxxxxxxxxxx> To: <lartc@xxxxxxxxxxxxxxx> Cc: "Alex" <alex@xxxxxxxxxxxxxxxx> Sent: Tuesday, February 24, 2004 11:12 PM Subject: Re: Neighbour table overflow > > What is the cause for such a message while running kernel 2.6.1 on RH9 ? > > > > Neighbour table overflow. > > NET: 282 messages suppressed. > > Neighbour table overflow. > > ARP table overflow, > do you have an interface on your router with a too wide netmask? > /16 (255.255.0.0) maybe? > Do you have a lot of "(incomplete)" entries in "arp -n"? > > Check that interface with "tcpdump -i eth? -n arp". > > Probably some virus or port sniffer tries to scan your network. > > -- > Damjan Georgievski > jabberID: damjan@xxxxxxxxxxxx > > _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
