Re: ip_conntrack: table full, dropping packet

To: debian-firewall@lists.debian.org
Subject: Re: ip_conntrack: table full, dropping packet
From: staf.wagemakers@belgacom.net (staf wagemakers)
Date: Mon, 3 Mar 2003 13:02:30 +0100
Message-id: <[🔎] 20030303120230.GA5597@staflaptop.antw.the-ecorp.com>
Mail-followup-to: staf.wagemakers@belgacom.net, debian-firewall@lists.debian.org
In-reply-to: <[🔎] 20030303102144.GB16270@mx.euskal-linux.org>
References: <[🔎] 20030303102144.GB16270@mx.euskal-linux.org>

On Mon, Mar 03, 2003 at 11:21:44AM +0100, Iñaki Martínez wrote:
> 
>  I see several of this in my firewall logs:
>
<snip>
> kernel: ip_conntrack: table full, dropping packet.
> kernel: NET: 50 messages suppressed.
> kernel: ip_conntrack: table full, dropping packet.
> 
>  What this means????
> 
>  Do i have something wrong in my iptables configuration??
>

Apparently your ip_conntrack table is full, you can review your table
with: 

# cat /proc/net/ip_conntrack

The max number of connections is set in 

# cat /proc/sys/net/ipv4/ip_conntrack_max

You can increase it with:

# echo "some_number" > /proc/sys/net/ipv4/ip_conntrack_max

Which might resolve your problem.

-- 
Staf Wagemakers

email:          staf@patat.org
homepage:       http://staf.patat.org

Reply to:

Follow-Ups:
- Re: ip_conntrack: table full, dropping packet
  - From: Iñaki Martínez <debian@euskal-linux.org>

References:
- ip_conntrack: table full, dropping packet
  - From: Iñaki Martínez <debian@euskal-linux.org>

Prev by Date: ip_conntrack: table full, dropping packet
Next by Date: Re: bandwidth monitoring
Previous by thread: ip_conntrack: table full, dropping packet
Next by thread: Re: ip_conntrack: table full, dropping packet
Index(es):
- Date
- Thread