Set the connection tracking limit at /proc/sys/net/ipv4/ip_conntrack_max:

Example:

    echo '100000' >> /proc/sys/net/ipv4/ip_conntrack_max

> Hi!
>
> I use iptables to do NAT in the NIC of my Univ.
>
> About 2000 computers connect to the intranet and need to do NAT.
>
> I use an HP server with 128M RAM, P3 1.2G CPU (only 1, not SMP), RedHat Linux 9.0
> with iptables 1.2.8.
>
> I set up iptables to use only NAT and ip_conntrack (and FTP support).
>
> When iptables is running, everything seems to work well.
>
> But soon, messages are posted:
>
> "ip_tables: Neighbor Table Overflow!" and "ip_conntrack: table full,
> dropping"
>
> My questions are:
>
> 1. How many conntracks does ip_conntrack support due to my server? How
> to increase it?
>
> 2. I have checked the source code of ip_tables, but can't find the
> routine that posts the first message. Please tell me what causes it and how
> to solve it.
>
> Thanks a lot!

Thanks,
Josh Berry, CTO
LinkNet-Solutions
469-831-8543
josh.berry@xxxxxxxxxxxxxxxxxxxxx
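A way to see how close the table is to the limit set above, before the kernel starts dropping. This is an added example, not part of the original thread; the function names and the 80% warning threshold are assumptions, and the nf_conntrack paths are the names newer kernels use for the same counters.

```shell
#!/bin/sh
# Added example: report conntrack table utilization against the configured limit.
# Function names and the default 80% threshold are illustrative assumptions.

# usage_pct COUNT MAX -> integer percentage of the table in use
usage_pct() {
    [ "$2" -gt 0 ] 2>/dev/null || { echo "invalid max: $2" >&2; return 1; }
    echo $(( $1 * 100 / $2 ))
}

# classify COUNT MAX [WARN_PCT] -> OK | WARN | FULL
classify() {
    pct=$(usage_pct "$1" "$2") || return 1
    if [ "$1" -ge "$2" ]; then echo FULL      # new connections are being dropped
    elif [ "$pct" -ge "${3:-80}" ]; then echo WARN
    else echo OK
    fi
}

# Limit: the path from the reply first, then the newer kernel name.
read_max() {
    for f in /proc/sys/net/ipv4/ip_conntrack_max \
             /proc/sys/net/netfilter/nf_conntrack_max; do
        [ -r "$f" ] && { cat "$f"; return 0; }
    done
    return 1
}

# Current entries: counter file on newer kernels, else one line per
# tracked connection in /proc/net/ip_conntrack on older ones.
read_count() {
    if [ -r /proc/sys/net/netfilter/nf_conntrack_count ]; then
        cat /proc/sys/net/netfilter/nf_conntrack_count
    elif [ -r /proc/net/ip_conntrack ]; then
        wc -l < /proc/net/ip_conntrack | tr -d ' '
    else
        return 1
    fi
}

report() {
    max=$(read_max) && count=$(read_count) \
        || { echo "conntrack: counters not available (module not loaded?)"; return 0; }
    echo "conntrack: $count/$max ($(usage_pct "$count" "$max")%) $(classify "$count" "$max")"
}

report
```

Run from cron or a monitoring agent, a WARN result gives time to raise the limit before "table full, dropping" appears in the kernel log.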