ip_conntrack: table full, dropping packet
Stephen J Smoogen
smoogen at lanl.gov
Fri Sep 24 17:19:02 CEST 2004
www.piratehosting.net wrote:
> 512MB RAM
> about 150,000 connections
> It's an ircd server with 15 clients at 1024 users each.
> I have to keep moving it up as the conntrack doesn't empty
>
Depending on the Linux kernel you are using, this is a 'known' bug. Red
Hat Linux for the 7, 8, 9 series has a patch from netfilter experimental
that does not let go of connections. There is also another kernel version
that seems to have this issue (2.4.18?) but I can't remember which one it
was. Putting on the latest 2.4.x kernel with a clean netfilter patch
fixed the problem on our boxes.
--
Stephen John Smoogen | CCN-5 Security Team
LANL SIRT Team Leader | SMTP: smoogen at lanl.gov
Los Alamos National Laboratory | Voice: 505.664.0645
Ta-03 SM-1498 MS: B255 DP 10S | FAX: 505.665.7793
Los Alamos, NM 87545 |