Message-ID: <4ef07b8c0803222016g7d3e05a6jf36b317ed1a73e69@mail.gmail.com>
Date: Sat, 22 Mar 2008 23:16:16 -0400
From: "Dan Cowsill" <danthehat@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Gentoo router: Conntrack table full

Hi folks,

Today I had some really serious problems with my Gentoo router.  I
could ping it, and all the network connections were in place and
functional, but no outside access.  I looked into it and found that
the syslog was flooded with this:


Mar 22 21:25:55 localhost kernel: nf_conntrack: table full, dropping packet.
Mar 22 21:26:00 localhost kernel: printk: 11 messages suppressed.
Mar 22 21:26:00 localhost kernel: nf_conntrack: table full, dropping packet.
Mar 22 21:26:05 localhost kernel: printk: 16 messages suppressed.


These messages spanned a full 20 hours of the log.  I understand that
conntrack is the connection tracking system that iptables uses.  I
also understand that its maximum is something on the order of 65000
simultaneous connections.  For a simple home network, I think we can
agree that I would probably never approach this number of connections
with normal use.

So my question is this:  what could have caused the router's
connection tracker to overflow?
-- 
Dan Cowsill
http://www.danthehat.net
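
An added example, not part of the original message: one way to find out what is occupying a full conntrack table is to tally its entries by original source address and by protocol/state. The sample dump is constructed in the /proc/net/nf_conntrack format, the addresses and the 65536 table size are made-up values, and the function names are hypothetical.

```python
from collections import Counter

def make_sample():
    """Constructed dump in /proc/net/nf_conntrack format (not data from the post)."""
    rows = [
        "ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 "
        "sport=51234 dport=443 src=198.51.100.7 dst=203.0.113.5 sport=443 "
        "dport=51234 [ASSURED] mark=0 use=2",
        "ipv4     2 udp      17 25 src=192.168.1.20 dst=198.51.100.53 sport=40000 "
        "dport=53 src=198.51.100.53 dst=203.0.113.5 sport=53 dport=40000 mark=0 use=2",
        "ipv4     2 tcp      6",  # truncated line, must be skipped
    ]
    # One LAN host holding 40 half-open entries that never saw a reply.
    rows += [
        f"ipv4     2 tcp      6 110 SYN_SENT src=192.168.1.50 dst=198.51.100.{i} "
        f"sport={30000 + i} dport=6881 [UNREPLIED] src=198.51.100.{i} "
        f"dst=203.0.113.5 sport=6881 dport={30000 + i} mark=0 use=2"
        for i in range(1, 41)
    ]
    return "\n".join(rows)

def parse_entry(line):
    """Return (proto, state, original src, unreplied) or None if malformed."""
    tok = line.split()
    if len(tok) < 6 or not tok[4].isdigit():
        return None
    # tcp carries a state name after the timeout; udp/icmp entries do not.
    state = tok[5] if "=" not in tok[5] and tok[5][0] != "[" else "-"
    src = next((t[4:] for t in tok if t.startswith("src=")), None)
    return None if src is None else (tok[2], state, src, "[UNREPLIED]" in tok)

def summarise(text, top=3):
    """Tally entries by original source address and by protocol/state."""
    by_src, by_state, unreplied = Counter(), Counter(), Counter()
    for entry in filter(None, map(parse_entry, text.splitlines())):
        proto, state, src, no_reply = entry
        by_src[src] += 1
        by_state[f"{proto}/{state}"] += 1
        unreplied[src] += no_reply
    return {"total": sum(by_src.values()), "top_sources": by_src.most_common(top),
            "states": dict(by_state), "unreplied": dict(+unreplied)}

def usage_percent(count, maximum):
    """Table fill level from nf_conntrack_count and nf_conntrack_max."""
    return round(100.0 * count / maximum, 1)

if __name__ == "__main__":
    report = summarise(make_sample())
    print(report)
    print(usage_percent(report["total"], 65536), "% of a 65536-entry table")
```

On a live router the input would be the contents of /proc/net/nf_conntrack, and the two numbers for the fill level come from /proc/sys/net/netfilter/nf_conntrack_count and nf_conntrack_max.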