similar to: ip_conntrack table filling up, dropping packets

Hello I''ve setuped a bridge with l7-filter and ipp2p. We have every day + or - between 10Mbits and 30 Mbits P2P traffic from + or - 450 customers. When traffic increase. I''ve got this kind of error message : Feb 23 14:26:19 gestor1 kernel: printk: 38 messages suppressed. Feb 23 14:26:19 gestor1 kernel: ip_conntrack: table full, dropping packet. The server is celeron

Hi all, i need advice how can i limit ip_conntrack per IP. clients of network that i support often uses torrent , DC++ , eMule clients and i have lost packages because they open too many ports. i have traffic control limits but this obviously isn''t enough Any advance how to prevent server from this kind problems will be welcome. Best regards Emil

I''ve been having all sorts of problems the last few days with my connection slowing down and then stopping working. Rebooting the router box always fixes it for a while. When I couldn''t hit any pages this morning, and couldn''t even ssh into the router, I dug around a little. When I did a dmesg on the router, there were a bunch of errors saying: ip_conntrack: table full,

I was trying to do what the article at http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.performance.html#conntrack_filling_tables <http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.performance.html#conntrack_filling_tables%3C/blockquote%3E%3C/div%3E> suggested My iptables rules are ------------------------------------------------------------------------ #that's what the

I have just completed the installation of a new firewall running Shorewall 1.4 on Mandrake 9.2 for our campus network. It appears to be running fairly well so far, but is generating significantly more log entries than our previous linux 2.0.x firewall... Our previous firewall enjoyed more than 6 years of 24/7 operation with no downtime before we finally decided it needed more horsepower, and

Hello I''ve got a server with 3Gb of ram and I want to keep 256 for the system and allocate the rest to conntrack ... I''ve tried to change the HASHSIZE of the ip_conntrack but dmesg return me this error ! ip_conntrack version 2.4 (2097152 buckets, 16777216 max) - 236 bytes per conntrack ip_conntrack: falling back to vmalloc. .... I''ve use this "math"

Hi all. i'm trying to modify some parameters but when system reboots it doesn't load. For the sysctl if I run sysctl -p then it changes /etc/sysctl.conf net.ipv4.netfilter.ip_conntrack_max = 1048576 /etc/modprobe.conf options ip_conntrack hashsize=131072 after reboot results cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max 65536 cat

Hey guys, I have several Linux routers in place at high-usage locations (student apartment complexes). I''m having trouble with some of the routers which use 6Mbit DSL lines as their Internet feed. The routers use PPPoE and perform NAT. During peak usage periods, the routers are dropping alot of packets. I''m lead to believe this is because there are too many active

https://bugzilla.netfilter.org/show_bug.cgi?id=830 Summary: ??iptables????????? Product: iptables Version: unspecified Platform: All OS/Version: RedHat Linux Status: NEW Severity: major Priority: P5 Component: iptables AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: higkoohk

xen-3.0.3-94.el5_4.2 2.6.18-164.6.1.el5xen RHEL5.4 x86_64 I''ve got a dom0 that does nothing but have a DomU created. The DomU gets plenty of load. Over time, the dom0''s ipconntrack table fills up but not the DomU. Once it gets full I can restart iptables and it''s fine. The strange thing is this only happens on hosts I have provided (hardware and hosting) from one

Hi to all. I have a shorewall ver 2.0.13 running in Fedora Core 3, the machine has dual cpu, 1gb of ram, and 40GB of hard disk space. The machine runs shorewall only and had tested it to openvpn but most of the time just shorewall. The problem, there were instances when internet traffic coming from the local network just halts, I needed to restart shorewall in order the traffic to flow again.

I *think* we are finally making some progress in tracking our elusive performance problems. After employing a second 10Mb link from our ISP, along with another firewall box and proxy, we were able to determine the problem *is* our firewall. We don''t know exactly why yet, but our sporadic slow web access seems to have gone away since swapping a new firewall in this morning. The

Hi, i am testing two bridges by sending to it random packets using hping2. First i create a random-length file, then i send it a lot of time on the wire using this command: for ($i=0; $i<50000; $i++) { hping2 -q -c 1 -d $data_len -E random.file 10.0.0.10 } My problem is that some packets are lost. Here is my setup: PC1 (10.0.0.1) ===== BR1 --------- BR2 ===== PC2 (10.0.0.10)

Hi, I have been doing some tests using hping2 and TCP SYN pings targeting local and remote hosts from two FreeBSD 4.7-RELEASE-p10 and one Linux 2.4.18 host. The three machines have the same hardware configuration and have been running for 6 months now. The average load isnt too high (usually 0.01 to 0.15) on the FreeBSD machines. Here is the output from hping2 (excuse me the line wrap),

Hi all, I''m searching for a tutorial how to setup multiple network cards with xen network bridge setup in debian lenny. My problem is, bridges seams only to work if i put an ip adress in dom0 to them. Thanks, Alex _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users

Hello: I have a machine running CentOS 5 x86_64. It is running apache httpd and tomcat. For some reason, after running for a few days, web requests stop responding. It happened again this morning. I check the syslog and see a HUGE number of logs like this: OUTPUT IN= OUT=eth0 SRC=[MyIP] DST=[OutsideIP] LEN=532 TOS=0x00 PREC=0x00 TTL=64 ID=52669 DF PROTO=TCP SPT=80 DPT=54697 WINDOW=61

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=105 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |LATER ------- Additional Comments From

It seems that the value of net.ipv4.ip_conntrack_max has no so much to do with the conntrack ''cause the when I measure current number of connections i.e.: wc -l /proc/net/ip_conntrack they show as ~20-30 000 connection, but I set sysctl -w net.ipv4.ip_conntrack_max=150000 and packets get dropped, I have to set it to value above 200 000 so that packets are not dropped ?!! Any idea

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=105 ------- Additional Comments From laforge@netfilter.org 2003-06-24 20:00 ------- Did you try to enlarge your connection tracking table? (Pleae read the FAQ) Do the /proc/net/ip_conntrack entries look plausible, or are there lots of entries with unreasonably high timeout? ------- You are receiving this mail because: -------

I have a bunch of servers, where I''ve deployed shorewall-lite. For us is very useful to have a centralized repository of the firewall rules deployed in our servers. One of this servers is pretty busy, handling lots of connections. In that server I''m getting from time to time this message: ip_conntrack: table full If I where working in a custom made iptables firewall I will