Hi,
I know that this is a known problem but I don''t know the solution.
I have a linux server with iptables, kernel 2.4.17.
Now in logs appear (Debian):
kern.log:
Mar 1 23:12:55 cpie kernel: ip_conntrack: table full, dropping packet.
Mar 1 23:13:56 cpie last message repeated 10 times
Mar 1 23:13:59 cpie last message repeated 3 times
Mar 1 23:14:10 cpie kernel: NET: 1 messages suppressed.
Mar 1 23:14:10 cpie kernel: ip_conntrack: table full, dropping packet.
Mar 1 23:14:46 cpie last message repeated 2 times
Mar 1 23:15:51 cpie last message repeated 6 times
Mar 1 23:16:52 cpie last message repeated 6 times
Mar 1 23:17:26 cpie last message repeated 4 times
cpie:/var/log#
messages.log:
Mar 1 23:14:10 cpie kernel: ip_conntrack: table full, dropping packet.
bla bla bla
Mar 1 23:14:46 cpie last message repeated 2 times
Mar 1 23:15:51 cpie last message repeated 6 times
Mar 1 23:16:52 cpie last message repeated 6 times
Mar 1 23:17:26 cpie last message repeated 4 times
Mar 1 23:18:56 cpie last message repeated 9 times
And more information:
cpie:~# netstat -putan|wc -l
28
cpie:~#
cpie:~# cat /proc/net/ip_conntrack |wc -l
5810
cpie:~#
cpie:~# cat /proc/sys/net/ipv4/ip_conntrack_max
6000
cpie:~#
The connection from ip_conntract are like these:
tcp 6 351960 ESTABLISHED src=8asdf dst=asdf sport=1445
dport
=4662 src=dfasdf0 dst=dfdfd sport=4662 dport=1445 [ASSURED]
use=1
tcp 6 345355 ESTABLISHED src=asdfasdf8 dst=asdf sport=2649
dport
=4662 src=sdfasd dst=dfdf sport=4662 dport=2649 [ASSURED]
use=1
How can I "flush" all connection track?
I have compiled iptables into kernel, not as module.
Any ideas?
Thank you very much!
----
Carles Pina i Estany | Nick: Pinux / Pine / Teufeus
E-Mail: carles.pina@salleURL.edu / is08139@salleURL.edu / cpina@cat-linux.com
http://www.salleURL.edu/~is08139/
286+100=386 +100=486 +100=585.00000011. Well...let''s call it
Pentium.
