I've run into a weird problem, and a basic Google search didn't seem to help. The symptom was that DNS queries were failing, apparently for no good reason. On the DNS server, I noticed the log message: "nf_conntrack: table full, dropping packet" repeated thousands of times. This was surprising to me because the server isn't using iptables at all (I checked and the nat tables are all empty). I'm surprised that nf_conntrack is getting used at all, much less filled. I looked at /proc/net/nf_conntrack, and all of the entries seemed to be local machines doing normal lookups, so it's not a DoS (which is what some forum threads seemed to suggest).
I've tried increasing /proc/sys/net/nf_conntrack_max, and I'll see if that helps, but the real question is why nf_conntrack is being used at all on a machine that isn't a firewall. If it helps, this is a Fedora 10 machine. I'm curious whether anyone has seen something like this before. Thanks.

--
Andrew McNabb
http://www.mcnabbs.org/andrew/
PGP Fingerprint: 8A17 B57C 6879 1863 DE55 8012 AB4D 6098 8826 6868

/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */

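To see what is actually occupying the table rather than only raising nf_conntrack_max, here is an added shell helper (not part of Andrew's message): it summarises conntrack entries by protocol, counts the DNS entries (original-direction dport=53) that each hold a slot for the UDP timeout, and lists the busiest client sources. The conntrack lines are a constructed sample in the /proc/net/nf_conntrack layout; set CONNTRACK_FILE to point at the real file, and feed conntrack_utilization the values from /proc/sys/net/netfilter/nf_conntrack_count and nf_conntrack_max.

```shell
#!/bin/sh
# Added diagnostic for a full nf_conntrack table: summarise what is occupying it.
# Reads the file named by CONNTRACK_FILE when set; otherwise uses the constructed
# sample below (same layout as /proc/net/nf_conntrack) so it runs anywhere.

CONNTRACK_SAMPLE='ipv4     2 udp      17 29 src=10.0.0.21 dst=10.0.0.5 sport=40112 dport=53 src=10.0.0.5 dst=10.0.0.21 sport=53 dport=40112 [ASSURED] mark=0 use=2
ipv4     2 udp      17 12 src=10.0.0.21 dst=10.0.0.5 sport=40113 dport=53 src=10.0.0.5 dst=10.0.0.21 sport=53 dport=40113 mark=0 use=2
ipv4     2 udp      17 3 src=10.0.0.33 dst=10.0.0.5 sport=51000 dport=53 src=10.0.0.5 dst=10.0.0.33 sport=53 dport=51000 mark=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=10.0.0.40 dst=10.0.0.5 sport=38000 dport=22 src=10.0.0.5 dst=10.0.0.40 sport=22 dport=38000 [ASSURED] mark=0 use=2'

# Emit the conntrack table, one entry per line.
conntrack_entries() {
    if [ -n "${CONNTRACK_FILE:-}" ]; then
        cat "$CONNTRACK_FILE"
    else
        printf '%s\n' "$CONNTRACK_SAMPLE"
    fi
}

# Percentage of the table in use: $1 = nf_conntrack_count, $2 = nf_conntrack_max.
conntrack_utilization() {
    echo $(( $1 * 100 / $2 ))
}

# Entries per L4 protocol (field 3 of each line), printed as "proto count".
conntrack_by_proto() {
    conntrack_entries | awk '{ n[$3]++ } END { for (p in n) print p, n[p] }' | sort
}

# Entries whose original-direction destination port is 53, i.e. client DNS
# lookups that each occupy a slot until the UDP conntrack timeout expires.
conntrack_dns_count() {
    conntrack_entries | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^dport=/) { if ($i == "dport=53") c++; break }
    } END { print c + 0 }'
}

# Busiest client sources; the first src= token is the original direction.
conntrack_top_sources() {  # $1 = number of sources to show (default 5)
    conntrack_entries |
      awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^src=/) { print substr($i, 5); break } }' |
      sort | uniq -c | sort -rn | head -n "${1:-5}"
}
```

If the breakdown is dominated by short-lived UDP port-53 entries from expected clients, the table is being filled by legitimate resolver load rather than an attack; since no rules consult it here, the module can be kept from loading, or nf_conntrack_max raised together with the hash table size.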