From: "Andrey Falko"
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Gentoo router: Conntrack table full
Date: Sat, 22 Mar 2008 23:22:54 -0400

On Sat, Mar 22, 2008 at 11:16 PM, Dan Cowsill wrote:
> Hi folks,
>
> Today I had some really serious problems with my Gentoo router. I
> could ping it, and all the network connections were in place and
> functional, but no outside access. I looked into it and found that
> the syslog was flooded with this:
>
>
> Mar 22 21:25:55 localhost kernel: nf_conntrack: table full, dropping packet.
> Mar 22 21:26:00 localhost kernel: printk: 11 messages suppressed.
> Mar 22 21:26:00 localhost kernel: nf_conntrack: table full, dropping packet.
> Mar 22 21:26:05 localhost kernel: printk: 16 messages suppressed.
>
>
> These messages spanned a full 20 hours of the log. I understand that
> conntrack is the connection tracking system that iptables uses. I
> also understand that its maximum is something on the order of 65000
> simultaneous connections. For a simple home network, I think we can
> agree that I would probably never approach this number of connections
> with normal use.
>
> So my question is this: what could have caused the router's
> connection tracker to overflow?
> --
> Dan Cowsill
> http://www.danthehat.net
> --
> gentoo-user@lists.gentoo.org mailing list
>

What type of 'net services do you run between your home network and
the outside? Is there a possibility that someone out there has put a
denial of service attack on you?
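
Added example, not part of the original messages: one way to see what is filling the conntrack table is to group its entries by originating address and by state. It assumes the table is exposed as /proc/net/nf_conntrack with the usual "ipv4 2 tcp 6 ..." line layout and that the net.netfilter sysctls are present; the sample entries and all addresses in them are constructed.

```python
import re
from collections import Counter

# Constructed sample in the /proc/net/nf_conntrack line format; not data from the thread.
SAMPLE = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=51234 dport=80 src=198.51.100.7 dst=203.0.113.5 sport=80 dport=51234 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 110 SYN_SENT src=192.168.1.23 dst=198.51.100.20 sport=40001 dport=6881 [UNREPLIED] src=198.51.100.20 dst=203.0.113.5 sport=6881 dport=40001 mark=0 use=2
ipv4     2 tcp      6 112 SYN_SENT src=192.168.1.23 dst=198.51.100.21 sport=40002 dport=6881 [UNREPLIED] src=198.51.100.21 dst=203.0.113.5 sport=6881 dport=40002 mark=0 use=2
ipv4     2 udp      17 25 src=192.168.1.23 dst=198.51.100.22 sport=40003 dport=6881 [UNREPLIED] src=198.51.100.22 dst=203.0.113.5 sport=6881 dport=40003 mark=0 use=2
ipv4     2 udp      17 170 src=192.168.1.10 dst=192.0.2.53 sport=5353 dport=53 src=192.0.2.53 dst=203.0.113.5 sport=53 dport=5353 [ASSURED] mark=0 use=2
"""

# l3proto, l3num, l4proto, l4num, timeout, optional TCP state, then the original tuple.
ENTRY = re.compile(
    r"^\S+\s+\d+\s+(?P<proto>\S+)\s+\d+\s+\d+\s+(?:(?P<state>[A-Z_]+)\s+)?"
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)")

def summarize(text, top=3):
    """Count tracked flows per original source, per state, and unreplied flows."""
    sources, states, unreplied, total = Counter(), Counter(), 0, 0
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # skip blank or unrecognised lines
        total += 1
        sources[m["src"]] += 1
        # Protocols without a state column (udp, icmp) are bucketed by protocol name.
        states[m["state"] or m["proto"]] += 1
        if "[UNREPLIED]" in line:
            unreplied += 1
    return {"total": total, "top_sources": sources.most_common(top),
            "states": dict(states), "unreplied": unreplied}

def fill_ratio(count, maximum):
    """Fraction of the table in use: nf_conntrack_count / nf_conntrack_max."""
    return count / maximum

if __name__ == "__main__":
    try:  # on the router itself (root is needed to read the table)
        base = "/proc/sys/net/netfilter/nf_conntrack_"
        count, maximum = (int(open(base + k).read()) for k in ("count", "max"))
        text = open("/proc/net/nf_conntrack").read()
        print(f"table {fill_ratio(count, maximum):.0%} full ({count}/{maximum})")
    except OSError:
        text = SAMPLE  # elsewhere, fall back to the constructed sample
    print(summarize(text))
```

One LAN address holding most of the entries points at a client on the home network; many distinct outside sources aimed at a forwarded port point at inbound traffic instead.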