Displaying 20 results from an estimated 2000 matches similar to: "Getting ip_conntrack: table full, dropping packet on shorewall-lite"
2009 Mar 04
1
MultiWAN & Vlans
Hello,
I'm trying to set up an 8-port WAN configuration (pptp+pppoe) with one VLAN trunk.
My internal networks are :
LAN(eth9): 10.0.0.0/16
VLAN10(eth9) 10.10.0.0/24
VLAN20(eth9) 10.20.0.0/24
VLAN30(eth9) 10.30.0.0/24
VLAN100(eth9) 10.100.0.0/24
I would like to post my configuration here since I have not succeeded in doing the following:
1. Communicate between VLANxx to LAN
2009 Mar 09
3
Shorewall Rules and Configurations
Hi,
I need help... I'm a beginner with shorewall.
I have two shorewall firewalls, each with a link.
FW (a) - w/ openVPN
eth0 = 192.168.150.5/24
eth1 = 192.168.200.5/24
eth2 = public IP
eth3 = 192.168.120.5/24
tun240 = 10.240.255.1
/etc/shorewall/zones
all zones declared as ipv4
/etc/shorewall/interfaces
#ZONE INTERFACE BROADCAST OPTIONS
tlm eth0
2008 Apr 18
3
ip_conntrack: table full, dropping packet.
I was trying to do what the article at
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.performance.html#conntrack_filling_tables
suggested
My iptables rules are
------------------------------------------------------------------------
#that's what the
2017 Sep 11
1
Read ONLY shares on Samba 4.6.4 in AIX 6.1
>
> Hi !!!
>
> I've managed to make Samba 4.6.4 run on AIX 6.1. Packages from OSS4AIX. I
> have two shares both are read write, but I'm not allowed to write on them.
>
> This is my [GLOBAL]:
>
> [global]
> bind interfaces only = Yes
> interfaces = 127.0.0.1 en0
> netbios name = P7-AIXTEST
> realm = MYCOMPANY.LOCAL
>
2013 Jun 26
5
[Bug 830] New: Regarding iptables affecting server performance
https://bugzilla.netfilter.org/show_bug.cgi?id=830
Summary: Regarding iptables affecting server performance
Product: iptables
Version: unspecified
Platform: All
OS/Version: RedHat Linux
Status: NEW
Severity: major
Priority: P5
Component: iptables
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: higkoohk
2002 Mar 01
0
ip_conntrack: table full, dropping packet.
Hi,
I know that this is a known problem but I don't know the solution.
I have a linux server with iptables, kernel 2.4.17.
Now in logs appear (Debian):
kern.log:
Mar 1 23:12:55 cpie kernel: ip_conntrack: table full, dropping packet.
Mar 1 23:13:56 cpie last message repeated 10 times
Mar 1 23:13:59 cpie last message repeated 3 times
Mar 1 23:14:10 cpie kernel: NET: 1 messages
2013 May 16
5
ddos attack causes high ksoftirqd cpu use
Hello List!
I got a small (50mbits or so) application layer ddos attack against a
few name servers (thousands of IPs sending lots of bogus A record
requests - weird) - one of the name servers was behind a shorewall
firewall. That firewall was running a 2.6.18-194.11.1.el5 kernel and
shorewall-4.4.11.1-1. I noticed that the shorewall host had ksoftirqd
using 100% of the CPU during the
2007 Jun 12
3
ip_conntrack table filling up, dropping packets
Hi, my ip_conntrack table is filling up and now my server is dropping
packets. I'm running CentOS release 4.4 (Final) on a fairly busy
webserver. The table is full of various connections, including a lot
of "ESTABLISHED" tcp connections from my webserver (the src is my
webserver ip), and some other random connections to my webserver, and
many "ASSURED" connections. So why
2009 Feb 28
0
VPN PPTP setup question
Hello,
I set up a PPTP service on a Windows 2003 in LAN. Shorewall used NAT and macro and rules, for example:
nat:
1.1.1.1 eth2:11 172.16.1.246
macro.VPN:
PARAM - - tcp 1723
PARAM - - 47
rules:
VPN/ACCEPT net dmz:172.16.1.246
or don't use macro
DNAT net loc:172.16.1.246 tcp 1723 -
2009 Mar 07
0
can't figure out how to shape the traffic
hello gentlemen
could somebody share with me a working configuration, of course if
you have such one, for the following conditions:
i have:
1) a ppp0 interface (ADSL modem working as the bridge, connected to eth0
(broadcasting))
2) my local PC, all connection passes through (working as router)
3) on my local PC 3 additional interfaces are up: br0 - bridge
(192.168.0.1 - dhcp), vbox0 (obtains
2003 Jan 31
0
[Bug 32] ip_conntrack seems to track everything which can be very slow on HTTP
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=32
laforge@netfilter.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|blocker |enhancement
Status|NEW |RESOLVED
Resolution|
2017 Jan 04
1
Can't connect Windows 7 client to Samba 3.3.12 on AIX
This samba is scheduled for upgrade. We've been testing samba 4.3.8
packages (from BULLFreeware) on other AIX. The install was not easy,
even with RPM packages.
I hope to do the upgrade soon, but I need to have this particular user
working now. What puzzles me is that I have other windows 7 PCs happily
working on the same resource.
2017-01-04 16:21 GMT-03:00 Rowland Penny via samba
2005 May 16
3
ip_conntrack limit --- torrent , DC++ , eMule
Hi all,
i need advice on how i can limit ip_conntrack per IP.
clients of the network that i support often use torrent, DC++, eMule
clients and i have lost packages because they open too many ports.
i have traffic control limits but this obviously isn't enough
Any advice on how to prevent the server from this kind of problem will be welcome.
Best regards
Emil
2020 Apr 10
15
[Bug 1422] New: iptables-nft fails to check / delete rules in raw table
https://bugzilla.netfilter.org/show_bug.cgi?id=1422
Bug ID: 1422
Summary: iptables-nft fails to check / delete rules in raw
table
Product: iptables
Version: 1.6.x
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: major
Priority: P5
Component: iptables
2020 Feb 27
9
[Bug 1410] New: STATELESS, rules with notrack into a map
https://bugzilla.netfilter.org/show_bug.cgi?id=1410
Bug ID: 1410
Summary: STATELESS, rules with notrack into a map
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at
2008 Sep 16
3
netfilter kernel crash in ip_ct_refresh_acct / ip_conntrack with centos 5.x
Hello!
Has anyone seen this netfilter kernel crash?
Images from the console of the crashed firewall:
http://pasik.reaktio.net/centos5-kernel-crash/
Firewall is HP DL360 G4 server running CentOS 5.x 32 bit.
I've seen this firewall crashing multiple times, but I only started investigating it lately..
It has happened using CentOS 5.0, 5.1 and now also with 5.2. I'm not sure if
it was
2018 Jan 10
5
[Bug 1213] New: Nft stateless NAT (NOTRACK)
https://bugzilla.netfilter.org/show_bug.cgi?id=1213
Bug ID: 1213
Summary: Nft stateless NAT (NOTRACK)
Product: nftables
Version: unspecified
Hardware: All
OS: Ubuntu
Status: NEW
Severity: critical
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter:
2017 Apr 11
2
connection state tracking with DNS [was Primary DNS...]
Hi, I would like to see this addressed.
I found more information on the issue at
https://kb.isc.org/article/AA-01183/0/Linux-connection-tracking-and-DNS.html
Is there a firewalld solution to this issue?
On 04/11/2017 11:05 AM, Chris Adams wrote:
> One additional DNS server note: you should disable firewalld for any DNS
> server, caching or authoritative. If you need firewalling, use
2003 Feb 21
1
flush ip_conntrack table manually?
i just got a 'ip_conntrack: table full, dropping packet' because a
p2p-application ran amok. i've killed the process but
/proc/net/ip_conntrack still got more than 7000 (now stale) entries of 8184
max. since the table is now after ~70 minutes down to 6995 entries, i
wonder if i can flush this table manually. the entries in there look like
tcp 6 155674
2004 Nov 05
1
ip_conntrack problem
I've been having all sorts of problems the last few days with my
connection slowing down and then stopping working.
Rebooting the router box always fixes it for a while.
When I couldn't hit any pages this morning, and couldn't even ssh into
the router, I dug around a little.
When I did a dmesg on the router, there were a bunch of errors saying:
ip_conntrack: table full,