[rlug] Re: ip_conntrack problems

Liviu Andreicut Tue, 17 Aug 2004 06:05:04 -0700

> ip_conntrack: table full, dropping packet.
>
> asta apare...
> sistemul e un
> server:/home/packardb# cat /proc/cpuinfo
> processor       : 0
> vendor_id       : GenuineIntel
> cpu family      : 6
> model           : 5
> model name      : Celeron (Covington)
> stepping        : 0
> cpu MHz         : 267.275
> cache size      : 32 KB
> fdiv_bug        : no
> hlt_bug         : no
> f00f_bug        : no
> coma_bug        : no
> fpu             : yes
> fpu_exception   : yes
> cpuid level     : 2
> wp              : yes
> flags           : fpu vme de pse tsc msr pae mce cx8 sep mtrr pge mca
> cmov pat pse36 mmx fxsr
> bogomips        : 532.48
>
> server:/home/packardb# cat /proc/meminfo
>         total:    used:    free:  shared: buffers:  cached:
> Mem:  64413696 62898176  1515520         19156992  5836800
> Swap: 313778176         313778176
> MemTotal:        62904 kB
> MemFree:          1480 kB
> MemShared:            kB
> Buffers:         18708 kB
> Cached:           5700 kB
> SwapCached:           kB
> Active:          11028 kB
> Inactive:        19688 kB
> HighTotal:            kB
> HighFree:             kB
> LowTotal:        62904 kB
> LowFree:          1480 kB
> SwapTotal:      306424 kB
> SwapFree:       306424 kB
>
> server:/home/packardb# cat /proc/sys/net/ipv4/ip_conntrack_max
> 8192
>
> pus de mine de la 4096....
> unde gresesc? sistemul face nat la 26 de ip-uri...oare asta sa fie
> problema? mai trebuie ram pentru a face fata?
> din cate stiu astea nu se pun/fac in swap, deci...
>
> ---
> Detalii despre listele noastre de mail: http://www.lug.ro/
>
>
>


ai utilizatori care ies prin nat si fac multe sesiuni tcp probabil.
Mareste numarul de sesiuni maxim (echo "65535" >
/proc/sys/net/ipv4/ip_conntrack_max)
Daca micsorezi numarul de conexiuni maxime nu rezolvi problema. Daca tot
vrei sa restrictionezi numarul de conexiuni paralele, incearca extensia
connlimit din patch-o-matic.


-- 
Liviu Andreicut
---------------
TFM Group Romania
Linux Division

--- 
Detalii despre listele noastre de mail: http://www.lug.ro/

[rlug] Re: ip_conntrack problems

Raspunde prin e-mail lui