On Fri, 2004-11-05 at 06:27, Mark D. Montgomery II wrote:
> I've been having all sorts of problems the last few days with my
> connection slowing down and then stopping working.
> Rebooting the router box always fixes it for a while.
> When I couldn't hit any pages this morning, and couldn't even ssh into
> the router, I dug around a little.
>
> When I did a dmesg on the router, there were a bunch of errors saying:
> ip_conntrack: table full, dropping packet
>
> I did a quick search and found a mailing list entry somewhere that said
> that the table was filling (duh) and that you need to increase the max
> value.
> I checked the max value and it is set to 6192 on my machine.
>
> So:
> 1. Any idea how in the world I'm suddenly filling the table?
> The only thing that has changed is that we have company so there is 1
> or 2 extra boxes on at times.
> But I have 1 or 2 extra boxes connected frequently with no problems when
> I'm fixing machines.
> I'm on cable if that helps any.
Why don't you look at the table and see what is filling it up???
("shorewall show connections")
>
> 2. What is the proper way to fix the problem?
You won't know until you find out what the problem is.
>
> 3. What is a normal value for ip_conntrack_max?
>
The kernel sizes the hash table based on the amount of RAM; the
conntrack table is then 8 times the size of the hash table.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
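
One way to act on the advice above and see what is filling the table, as an added example that is not part of the original messages: it tallies connection-tracking entries per source host and reports how full the table is against the 6192 limit mentioned in the question. It assumes the listing uses the /proc/net/ip_conntrack line format; the sample entries are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the /proc/net/ip_conntrack line format (assumed layout
# of the listing); addresses are private/documentation ranges.
SAMPLE = "\n".join(
    ["tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=40001 "
     "dport=22 src=198.51.100.7 dst=203.0.113.5 sport=22 dport=40001 [ASSURED] use=1",
     "udp      17 25 src=192.168.1.10 dst=198.51.100.53 sport=1025 dport=53 "
     "src=198.51.100.53 dst=203.0.113.5 sport=53 dport=1025 use=1",
     "garbage line without fields"]
    + [f"tcp      6 110 SYN_SENT src=192.168.1.23 dst=198.51.100.{n} sport={3000 + n} "
       f"dport=80 [UNREPLIED] src=198.51.100.{n} dst=203.0.113.5 sport=80 "
       f"dport={3000 + n} use=1" for n in range(1, 7)]
)

FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def parse_entry(line):
    """Return (proto, state, original src, replied) or None if unparsable."""
    parts = line.split()
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # first match is the original direction
    if len(parts) < 4 or "src" not in fields:
        return None
    # Only TCP entries carry a state name after the timeout column.
    state = parts[3] if "=" not in parts[3] else "-"
    return parts[0], state, fields["src"], "[UNREPLIED]" not in parts

def summarize(text, conntrack_max):
    """Tally entries per source host and report how full the table is."""
    by_src, unreplied, states = Counter(), Counter(), Counter()
    for proto, state, src, replied in filter(None, map(parse_entry, text.splitlines())):
        by_src[src] += 1
        states[f"{proto}/{state}"] += 1
        if not replied:
            unreplied[src] += 1
    total = sum(by_src.values())
    return {"total": total, "fill_pct": round(100.0 * total / conntrack_max, 2),
            "top_sources": by_src.most_common(3), "unreplied": dict(unreplied),
            "states": dict(states)}

if __name__ == "__main__":
    # 6192 is the ip_conntrack_max value reported in the message above.
    print(summarize(SAMPLE, 6192))
```

A single internal host holding most of the entries, especially unreplied ones, points at that machine rather than at the table limit.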