On Tuesday 17 June 2003 09:01, Farkas Levente wrote: > hi, > so my biggest problem is that, when I've got these error and keep > getting the error, than do wc -l /proc/net/ip_conntrack and it's just > 300-400 so I assume 48632 is more than enough. am I wrong? Hmm no not wrong, i am sure that wc -l /proc/net/ip_conntrack represents current contrack but not so sure the value from /proc/sys/net/ipv4/ip_conntrack_max represents numbers of connections, it may represents memory or othere measure units of tracked connections ? Just try to increase, to test increase cost you nothing just a little experiment. I solved some droping problems by increase /proc/net/ip_conntrack so increasing it worked for me. Otherwise dont know, maybe it is broken in kernel ?!? > > Balint Cristian wrote: > > On Tuesday 17 June 2003 15:23, Farkas Levente wrote: > >>hi, > >>I forgot to mention that it can't be the reason: > >># cat /proc/sys/net/ipv4/ip_conntrack_max > >>48632 > >> > >>Balint Cristian wrote: > >>>[root@xxxxx root]# cat /proc/sys/net/ipv4/ip_conntrack_max > >>>8184 > >>> > >>>It is 8000 entry by default > >>> > >>>you can change it: > >>>[root@xxxxx root]# > > > > echo 1024000 > /proc/sys/net/ipv4/ip_conntrack_max > > > > try much higher value than 48632 !!! > > > >>>Be careful if increase will eat more memory .... > >>> > >>>On Tuesday 17 June 2003 14:29, Farkas Levente wrote: > >>>>hi, > >>>>we've a fully updated rh8.0 firewall with kernel-2.4.20-18.8, > >>>>iptables-1.2.6a-2. we got the following error about once a week: > >>>>----------------------------------------- > >>>>Jun 13 05:21:41 portal kernel: ip_conntrack: table full, dropping > >>>> packet. Jun 13 05:21:47 portal last message repeated 10 times > >>>>Jun 13 05:21:51 portal kernel: NET: 6 messages suppressed. > >>>>Jun 13 05:21:51 portal kernel: ip_conntrack: table full, dropping > >>>> packet. Jun 13 05:21:57 portal kernel: NET: 3 messages suppressed. > >>>>Jun 13 05:21:57 portal kernel: ip_conntrack: table full, dropping > >>>> packet. ----------------------------------------- > >>>>in this case we cant do anything just reboot the server. the strange is > >>>>that in this case: > >>>>wc -l /proc/net/ip_conntrack > >>>>is about 3-400, while during the normal operation it's about 1000-1500. > >>>>so I don't know what can be the problem in this case. what can I do to > >>>>find out the reason for this problem? and how to solve it? > >>>>thank you for your help in advance. -- Life in itself has no meaning. Life is an opportunity to create meaning. \|/ ____ \|/ "@'/ .. \`@" /_| \__/ |_\ \__U_/ _______________________________________________ Redhat-devel-list mailing list Redhat-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/redhat-devel-list