Red Hat Bugzilla – Bug 109903
ip_conntrack problem (packets dropped)
Last modified: 2007-04-18 12:59:25 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; Galeon)
Description of problem:
I have RH9 as a firewall behind my fr2.rpmfind.net mirror.
ip_conntrack_ftp is loaded. Since my upgrade to RH9, I see these
messages in my log :
NET: 45 messages suppressed.
ip_conntrack: table full, dropping packet.
NET: 47 messages suppressed.
And the network traffic slowly goes down to zero. The particulary of
this problem is that the number of tracked connections reported by wc
-l /proc/net/ip_conntrack is far below (~2500) the fixed limit in
/proc/sys/net/ip_v4/ip_conntrack_max (65536). Due to a previous
problem of the same kind, I added a MRTG graph showing the
ip_conntrack counts. As you can see on
http://bellet.info/~bellet/ip_conntrack.png, the problem occured
around 18:00 -> 20:00. The total number of tracked connections
continuously decreased during this period. As a workaround, I doubled
the value of ip_conntrack_max (128K), and it's now working again. So
it seems to me that expired tracked connections are someway not
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. just wait for a few days of network activity.
Thanks for the bug report. However, Red Hat no longer maintains this version of
the product. Please upgrade to the latest version and open a new bug if the problem
The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases,
and if you believe this bug is interesting to them, please report the problem in
the bug tracker at: http://bugzilla.fedora.us/