Message-ID: <4ef07b8c0803222016g7d3e05a6jf36b317ed1a73e69@mail.gmail.com>
Date: Sat, 22 Mar 2008 23:16:16 -0400
From: "Dan Cowsill" <danthehat@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Gentoo router: Conntrack table full

Hi folks,

Today I had some really serious problems with my Gentoo router. I could ping it, and all the network connections were in place and functional, but no outside access. I looked into it and found that the syslog was flooded with this:

Mar 22 21:25:55 localhost kernel: nf_conntrack: table full, dropping packet.
Mar 22 21:26:00 localhost kernel: printk: 11 messages suppressed.
Mar 22 21:26:00 localhost kernel: nf_conntrack: table full, dropping packet.
Mar 22 21:26:05 localhost kernel: printk: 16 messages suppressed.

These messages spanned a full 20 hours of the log.

I understand that conntrack is the connection tracking system that iptables uses. I also understand that its maximum is something on the order of 65000 simultaneous connections. For a simple home network, I think we can agree that I would probably never approach this number of connections with normal use.

So my question is this: what could have caused the router's connection tracker to overflow?

--
Dan Cowsill
http://www.danthehat.net
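
One way to see what is occupying a conntrack table in the state reported above, as an added example that is not part of the original post: it groups entries in the /proc/net/nf_conntrack line format by originating host and by protocol state, and counts the entries that never received a reply. The sample lines and addresses are constructed, and the function names are hypothetical.

```python
import os
from collections import Counter

# Constructed sample in the /proc/net/nf_conntrack line format (not taken from the post).
SAMPLE = """\
ipv4     2 tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=51000 dport=443 src=203.0.113.5 dst=198.51.100.2 sport=443 dport=51000 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 110 SYN_SENT src=192.168.1.23 dst=203.0.113.77 sport=40001 dport=6881 [UNREPLIED] src=203.0.113.77 dst=198.51.100.2 sport=6881 dport=40001 mark=0 use=2
ipv4     2 tcp      6 98 SYN_SENT src=192.168.1.23 dst=203.0.113.78 sport=40002 dport=6881 [UNREPLIED] src=203.0.113.78 dst=198.51.100.2 sport=6881 dport=40002 mark=0 use=2
ipv4     2 udp      17 25 src=192.168.1.23 dst=203.0.113.79 sport=40003 dport=6881 [UNREPLIED] src=203.0.113.79 dst=198.51.100.2 sport=6881 dport=40003 mark=0 use=2
ipv4     2 udp      17 170 src=192.168.1.10 dst=192.168.1.1 sport=53001 dport=53 src=192.168.1.1 dst=192.168.1.10 sport=53 dport=53001 [ASSURED] mark=0 use=2
"""

def parse_entry(line):
    """Return (proto, state, original-direction src, unreplied) for one table line."""
    f = line.split()
    proto = f[2]
    # TCP lines carry a state name after the timeout; UDP/ICMP lines go straight to src=.
    state = f[5] if "=" not in f[5] else "-"
    src = next(tok[4:] for tok in f if tok.startswith("src="))  # first src= is the originator
    return proto, state, src, "[UNREPLIED]" in f

def summarize(text):
    """Count entries per originating host, per (proto, state), and unreplied per host."""
    by_src, by_state, unreplied = Counter(), Counter(), Counter()
    for line in text.splitlines():
        if not line.strip():
            continue
        proto, state, src, unrep = parse_entry(line)
        by_src[src] += 1
        by_state[(proto, state)] += 1
        if unrep:
            unreplied[src] += 1
    return by_src, by_state, unreplied

def read_int(path):
    with open(path) as fh:
        return int(fh.read())

if __name__ == "__main__":
    live = "/proc/net/nf_conntrack"  # usually root-only; otherwise use the constructed sample
    text = open(live).read() if os.access(live, os.R_OK) else SAMPLE
    count_file = "/proc/sys/net/netfilter/nf_conntrack_count"
    if os.path.exists(count_file):
        print("entries:", read_int(count_file), "of",
              read_int("/proc/sys/net/netfilter/nf_conntrack_max"))
    by_src, by_state, unreplied = summarize(text)
    for src, n in by_src.most_common(10):
        print(f"{src:15} {n:6} entries, {unreplied[src]} unreplied")
    print(dict(by_state))
```

A single host holding most of the entries, or a large share of unreplied entries, narrows down where the table usage comes from.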