bugzilla-daemon@netfilter.org
2003-Jun-24 17:26 UTC
[Bug 105] New: Connection tracking table full, no new connections accepted
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=105

Summary: Connection tracking table full, no new connections accepted
Product: netfilter/iptables
Version: linux-2.4.x
Platform: i386
OS/Version: Gentoo
Status: NEW
Severity: major
Priority: P2
Component: connection tracking
AssignedTo: laforge@netfilter.org
ReportedBy: sean@yak.net
CC: netfilter-buglog@lists.netfilter.org

I've had this problem twice now and figured it was serious enough to report.

I am using iptables as a firewall/NAT device, kernel version 2.4.21 (directly from kernel.org); I also encountered the problem in 2.4.20. After a period of time, I get the following message in my kernel logs:

"ip_conntrack: table full, dropping packet."

This message then repeats -- a lot. Thereafter, no new connections either to the outside world or directly to the NAT machine are accepted but existing connections still work. Doing a userspace flush, zero, and remove followed by my firewall/NAT rules doesn't seem to restore things, either. Since I built all of the modules directly into the kernel, I have not tried rmmod/insmod to see if that fixes things.

I know this is a vague description, but I can and will provide any more details necessary to help track down this bug.

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.