search for: nf_conntrack_max

http://bugzilla.netfilter.org/show_bug.cgi?id=722 Summary: double entry of nf_conntrack_max in /proc Product: netfilter/iptables Version: linux-2.6.x Platform: All OS/Version: All Status: NEW Severity: major Priority: P5 Component: nf_conntrack AssignedTo: netfilter-buglog at lists.netfilter.org...

Hi Roel Just guessing: do you have conntrack enabled? If not, "modprobe nf_conntrack_netlink" (you can remove it and its dependencies later) What are the outputs of sysctl net.netfilter.nf_conntrack_count and sysctl net.netfilter.nf_conntrack_max when the problem shows up? cheers Ethy On Thu, 31 Mar 2016 12:17:12 +0000 "Dovid Bender" <dovid at telecurve.com> wrote: > Just guessing I would verify that the out of : iptables -L -nv > Shows no dropped packets, try disabling selinux as well as look at the limits > o...

...ime, most of time they are good. Actually, these servers are newly installed to be used as the Glusterfs storage server, so not much data flowing at this time. >From the sysctl output, I suppose it can't be a conntrack table overflow : net.netfilter.nf_conntrack_count = 1116 net.netfilter.nf_conntrack_max = 262144 And another tcpdump ouput of a successful ssh connection between these two servers for reference: 21:41:53.225977 IP (tos 0x0, ttl 64, id 30083, offset 0, flags [DF], proto TCP (6), length 60) 10.3.3.3.49221 > 10.3.3.4.22: Flags [S], cksum 0x1ab0 (incorrect -> 0x62bc), seq 3204...

...ivalent output -> http://bugzilla.netfilter.org/show_bug.cgi?id=705 Some accepted packets get lost -> http://bugzilla.netfilter.org/show_bug.cgi?id=708 nfq_nfnlh() and nfq_fd() should have const arguments -> http://bugzilla.netfilter.org/show_bug.cgi?id=715 double entry of nf_conntrack_max in /proc -> http://bugzilla.netfilter.org/show_bug.cgi?id=722 Errors in compiling nfqnl_test.c -> http://bugzilla.netfilter.org/show_bug.cgi?id=743 Range check for ulog-cprange is wrong -> http://bugzilla.netfilter.org/show_bug.cgi?id=748 IPv6 bridging bug -> http://b...

Hi?guys. There is a wierd problem with iptables recently, hopes somebody can help me. I have installed Centos 7.2.1511 on a bare metal Dell server these days, disabled firewalld and enabled iptables.services, and setup a group of very simple rules, as the following: # iptables-save # Generated by iptables-save v1.4.21 on Tue Apr 23 09:15:14 2019 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT

...2c_i801 evdev joydev tpm psmouse processor button i2c_core serio_raw tpm_bios ext3 jbd mbcache dm_mod sd_mod crc_t10dif usbhid hid ahci libata igb scsi_mod uhci_hcd ehci_hcd ixgbe usbcore nls_base dca thermal thermal_sys Single -j SNAT --persistent rule. Related non-default sysctls: net.netfilter.nf_conntrack_max = 6000000 net.netfilter.nf_conntrack_count = 809342 net.netfilter.nf_conntrack_buckets = 1048576 Under some load (currently we have ~1.5+1.0 Gig/200+200kpps -- in+out -- on this server) kernel just panics. Here's some debug I've done on crash dump: crash> bt PID: 0 TASK: ffff880...

Dovid Bender writes: > The tcpdump that you are running is on the Asterisk box or via port > mirroring? It's on the asterisk box itself. I've already replaced the network card - no change. Thanks, Roel > Regards, > > Dovid > > -----Original Message----- > From: Roel van Meer <roel at 1afa.com> > Sender: asterisk-users-bounces at