Ip_conntrack

May 15, 2009

Please see following picture, its see on my server and server is down

Its a hypervm main node server.

View 7 Replies


ADVERTISEMENT

Ip_conntrack Wont Work?

Jun 17, 2009

I've got the latest grsec stable, but i'm having a problem with getting ip_conntrack working.

I did the following with make menuconfig after copying my default kernels config file...

Networking -> Networking support -> Networking options -> Network packet filtering
framework (Netfilter) -> Core Netfilter -> Configuration -> Netfilter Xtables support
(required for ip_tables) -> "conntrack" connection tracking match support.

After a compile and reboot:

error: "net.ipv4.netfilter.ip_conntrack_generic_timeout" is an unknown key
error: "net.ipv4.netfilter.ip_conntrack_icmp_timeout" is an unknown key
error: "net.ipv4.netfilter.ip_conntrack_tcp_timeout_close" is an unknown key
error: "net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait" is an unknown key
error: "net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack" is an unknown key
error: "net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait" is an unknown key
error: "net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait" is an unknown key
error: "net.ipv4.netfilter.ip_conntrack_tcp_timeout_established" is an unknown key
error: "net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv" is an unknown key
error: "net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent" is an unknown key
error: "net.ipv4.netfilter.ip_conntrack_udp_timeout" is an unknown key
error: "net.ipv4.netfilter.ip_conntrack_udp_timeout_stream" is an unknown key
error: "net.ipv4.netfilter.ip_conntrack_max" is an unknown key
error: "net.ipv4.ip_conntrack_max" is an unknown key

I did a ls on /lib/modules/2.6.27.10-grsec/kernel/net/ipv4/netfilter and dont see the modules that i see in the default kernels...

View 5 Replies View Related

Ip_conntrack: Table Full, Dropping Packet

Mar 20, 2008

ip_conntrack: table full, dropping packet

What does that error mean? It's related to iptables right? When I do this cat /proc/sys/net/ipv4/ip_conntrack_max, I get

65536

I increased it

131072

Because someone recommended me this number because I have 4gb of RAM. But I still get the table full errors or

host kernel: printk: 500 messages suppressed

What should I do? Should I keep increasing the number? How do I know how much I can increase it by?

View 14 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved