On Tue, 21 Jun 2011 17:00:30 +0000, Chuck Swiger wrote: > On Jun 21, 2011, at 12:33 AM, Condor wrote: >> Here is error that i got from kernel: >> >> net_ratelimit: 686 callbacks suppressed nf_conntrack: table full, >> dropping packet. nf_conntrack: table full, dropping packet. >> nf_conntrack: table full, dropping packet. > > You're using a stateful firewall for NTP traffic, and it's connection > state table has filled. I recommend not using stateful rules for NTP > traffic, as it adds latency and potential denial-of-service problems > with the firewall. > > The network tuning you'd mentioned mostly affects TCP and doesn't matter > to UDP. > > The high traffic rate you'd seen of 3000 packets/sec is unusual, but if > your firewall was dropping packets, some NTP clients behave badly and > query faster. > > Regards,
I use only one rule on my firewall and its a postrouting rule: -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j SNAT --to-source external_ip Can we pls did not discus my tcp/ip settings and to point over the problem how i can resolve it. Regards, Condor _______________________________________________ questions mailing list [email protected] http://lists.ntp.org/listinfo/questions
