Re: HELP!!! (ip_conntrack: table full)

"Warren P" <warrenp@xxxxxxxxxxxxxxx> · Mon, 27 Oct 2003 21:52:53 +0200

hi

WRT echo ## > /proc/net/ip_conntrack 

Considering i've got 1gig of RAM ... what is a safe value i
can set ip_conntrack_max to? The current value is 65528

Also when you refer to dropping ip_conntrack ... do mean
like rmmod ip_conntrack.o?

Regards,
Warren P

-----------------------------------------------------------

On Fri, 19 Sep 2003 11:11:53 -0400
 Security <security@xxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> First...here is what is happening:
> 
> Your max setting on the conntrack table can be seen at: 
> cat /proc/sys/net/ipv4/ip_conntrack_max
> 
> Your current number of entries in the conntrack table can
> be found like this:
> cat /proc/net/ip_conntrack | wc -l
> 
> Now, you have 2 choices on how to sort this out...
> 
> 1) raise the limit in /proc/net/ip_conntrack  
> To raise that limit:
> echo ## > /proc/net/ip_conntrack 
> (where ## is the new max you wish to set).
> 
> or 
> 2) flush the conntrack table 
> (for that.I am going to paste in from an earlier post to
> this list)
> 
> Just simply remove the mod ip_conntrac and any dependices
> and re-apply it.
> 
> **Warning** this will require you to drop iptables while
> you do it...which may
> not be a good option depening on your network
> configuration. **/Warning**
> 
> NH
> 
> On Thursday 11 September 2003 4:19 pm, Warren P wrote:
> > hi
> >
> > does anyone know how to clear/flush the ip_conntrack
> table. Every 4 to 6
> > months i need to reboot my server because it drops
> packets and complains
> > that the table is full ...
> >
> > Regards,
> > Warren P
> 
> 
> 
> On Friday 19 September 2003 10:43 am, Alpha Technologies
> wrote:
> > Recently I am having this messages on my system:
> "ip_conntrack: table
> > full". Please i need help. what is happening?
> >
> > This is my info:
> >
> > RedHat 9.0
> > Kernel: 2.4.20-18.9
> >
> >
> > I really apreciate any help.
> >
> > Thanks
> >
> > Pablo Tamayo
> >
> >
> >
> >
> >
> > ---------------------------------
> > Do You Yahoo!?
> > Todo lo que quieres saber de Estados Unidos, América
> Latina y el resto del
> > Mundo. Visíta Yahoo! Noticias.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> 
>
iD8DBQE/axy6PEfiOMhBaIMRAq2CAKCaZ94odX9aX3KaPhqF6pL340poRACffclm
> ySIf03dKHYvJy46KGQpM5M0=
> =cBZI
> -----END PGP SIGNATURE-----
> 