similar to: ip_conntrack problem

Hi, my ip_conntrack table is filling up and now my server is dropping packets. I'm running CentOS release 4.4 (Final) on a fairly busy webserver. The table is full of various connections, including a lot of "ESTABLISHED" tcp connections from my webserver (the src is my webserver ip), and some other random connections to my webserver, and many "ASSURED" connections. So why

Hi all. i'm trying to modify some parameters but when system reboots it doesn't load. For the sysctl if I run sysctl -p then it changes /etc/sysctl.conf net.ipv4.netfilter.ip_conntrack_max = 1048576 /etc/modprobe.conf options ip_conntrack hashsize=131072 after reboot results cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max 65536 cat

Hi all, i need advice how can i limit ip_conntrack per IP. clients of network that i support often uses torrent , DC++ , eMule clients and i have lost packages because they open too many ports. i have traffic control limits but this obviously isn''t enough Any advance how to prevent server from this kind problems will be welcome. Best regards Emil

Hello I''ve setuped a bridge with l7-filter and ipp2p. We have every day + or - between 10Mbits and 30 Mbits P2P traffic from + or - 450 customers. When traffic increase. I''ve got this kind of error message : Feb 23 14:26:19 gestor1 kernel: printk: 38 messages suppressed. Feb 23 14:26:19 gestor1 kernel: ip_conntrack: table full, dropping packet. The server is celeron

I was trying to do what the article at http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.performance.html#conntrack_filling_tables <http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.performance.html#conntrack_filling_tables%3C/blockquote%3E%3C/div%3E> suggested My iptables rules are ------------------------------------------------------------------------ #that's what the

Hey guys, I have several Linux routers in place at high-usage locations (student apartment complexes). I''m having trouble with some of the routers which use 6Mbit DSL lines as their Internet feed. The routers use PPPoE and perform NAT. During peak usage periods, the routers are dropping alot of packets. I''m lead to believe this is because there are too many active

I *think* we are finally making some progress in tracking our elusive performance problems. After employing a second 10Mb link from our ISP, along with another firewall box and proxy, we were able to determine the problem *is* our firewall. We don''t know exactly why yet, but our sporadic slow web access seems to have gone away since swapping a new firewall in this morning. The

Ok. That''s probably really confusing. :) Here''s what I''d like to do. If it''s something that''s overly difficult or just plain stupid, let me know. :) I''m on cable with a dynamic IP. I have a domain forwarding account pointing to me. That is techiem2.no-ip.com. The firewall is 192.168.100.1. My web server is on port 444 on machine

I have just completed the installation of a new firewall running Shorewall 1.4 on Mandrake 9.2 for our campus network. It appears to be running fairly well so far, but is generating significantly more log entries than our previous linux 2.0.x firewall... Our previous firewall enjoyed more than 6 years of 24/7 operation with no downtime before we finally decided it needed more horsepower, and

xen-3.0.3-94.el5_4.2 2.6.18-164.6.1.el5xen RHEL5.4 x86_64 I''ve got a dom0 that does nothing but have a DomU created. The DomU gets plenty of load. Over time, the dom0''s ipconntrack table fills up but not the DomU. Once it gets full I can restart iptables and it''s fine. The strange thing is this only happens on hosts I have provided (hardware and hosting) from one

Hello I''ve got a server with 3Gb of ram and I want to keep 256 for the system and allocate the rest to conntrack ... I''ve tried to change the HASHSIZE of the ip_conntrack but dmesg return me this error ! ip_conntrack version 2.4 (2097152 buckets, 16777216 max) - 236 bytes per conntrack ip_conntrack: falling back to vmalloc. .... I''ve use this "math"

It seems that the value of net.ipv4.ip_conntrack_max has no so much to do with the conntrack ''cause the when I measure current number of connections i.e.: wc -l /proc/net/ip_conntrack they show as ~20-30 000 connection, but I set sysctl -w net.ipv4.ip_conntrack_max=150000 and packets get dropped, I have to set it to value above 200 000 so that packets are not dropped ?!! Any idea

I recently setup shorewall on my freshly rebuilt router box. I setup transparent proxying using transproxy/dansguardian/privoxy/squid. My current rules for the redirect are: REDIRECT loc 81 tcp www - !192.168.100.0/24 ACCEPT fw net tcp www How do I set this so that all the request are redirected except for requests FROM a certain machine (192.168.100.11)? I

Hi, I know that this is a known problem but I don''t know the solution. I have a linux server with iptables, kernel 2.4.17. Now in logs appear (Debian): kern.log: Mar 1 23:12:55 cpie kernel: ip_conntrack: table full, dropping packet. Mar 1 23:13:56 cpie last message repeated 10 times Mar 1 23:13:59 cpie last message repeated 3 times Mar 1 23:14:10 cpie kernel: NET: 1 messages

https://bugzilla.netfilter.org/show_bug.cgi?id=830 Summary: ??iptables????????? Product: iptables Version: unspecified Platform: All OS/Version: RedHat Linux Status: NEW Severity: major Priority: P5 Component: iptables AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: higkoohk

Hi to all. I have a shorewall ver 2.0.13 running in Fedora Core 3, the machine has dual cpu, 1gb of ram, and 40GB of hard disk space. The machine runs shorewall only and had tested it to openvpn but most of the time just shorewall. The problem, there were instances when internet traffic coming from the local network just halts, I needed to restart shorewall in order the traffic to flow again.

Ok here are all the information the website said I should include first: [root@residents root]# shorewall version 1.4.8 [root@residents root]# ip addr show 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100

Hi all, I''m searching for a tutorial how to setup multiple network cards with xen network bridge setup in debian lenny. My problem is, bridges seams only to work if i put an ip adress in dom0 to them. Thanks, Alex _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users

Hello: I have a machine running CentOS 5 x86_64. It is running apache httpd and tomcat. For some reason, after running for a few days, web requests stop responding. It happened again this morning. I check the syslog and see a HUGE number of logs like this: OUTPUT IN= OUT=eth0 SRC=[MyIP] DST=[OutsideIP] LEN=532 TOS=0x00 PREC=0x00 TTL=64 ID=52669 DF PROTO=TCP SPT=80 DPT=54697 WINDOW=61

I''m trying to use my VPS server (single interface of course) as somewhat of a VPN gateway to my other location (which is not accessible directly from some places) where the openvpn server is running, and am kind of lost as to what to try next. I tried a redirect rule, but apparently shorewall didn''t like that (it just failed to start). I tried adding the rules via