Re: 2.4.20-pre7: ip_conntrack: table full, dropping packet.

From: Harald Welte
Date: Mon Oct 21 2002 - 16:55:34 EST

On Mon, Oct 21, 2002 at 08:16:44PM +0200, Stephan von Krawczynski wrote:
> Hello all,

Hi Stephan. Don't know if you remember me, but we've met at some IN e.V.
meetings in the past ;)

> After several days running kernel 2.4.20-pre7 I came across the syslogged
> message:
> kernel: ip_conntrack: table full, dropping packet.
> This box runs about 10 rules for destination nat. My simple question:
> is this a bug, or a need to tune something? If it is a bug, is there a
> later kernel that has it fixed?

it's not about the number of NAT rules, but the number of connections
going on through your machine.

the FAQ (to be found at describes how to raise the
number of connection tracking table entries.

> Regards,
> Stephan

Live long and prosper
- Harald Welte /     
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M- 
V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*)
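
Added example, not part of the original message: since the table fills with connections rather than rules, this Python sketch summarizes a conntrack dump to show what is occupying it before the limit is raised. It assumes the /proc/net/ip_conntrack line format of 2.4 kernels; the sample lines, addresses and the `table_max` value are constructed (on a live 2.4 box the limit is read from /proc/sys/net/ipv4/ip_conntrack_max).

```python
import re
from collections import Counter

# Constructed sample in /proc/net/ip_conntrack format (documentation addresses).
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=1025 dport=80 src=10.0.0.5 dst=192.0.2.10 sport=80 dport=1025 [ASSURED] use=1
tcp      6 110 SYN_SENT src=203.0.113.7 dst=198.51.100.5 sport=4001 dport=80 [UNREPLIED] src=10.0.0.5 dst=203.0.113.7 sport=80 dport=4001 use=1
tcp      6 112 SYN_SENT src=203.0.113.7 dst=198.51.100.5 sport=4002 dport=80 [UNREPLIED] src=10.0.0.5 dst=203.0.113.7 sport=80 dport=4002 use=1
udp      17 25 src=192.0.2.11 dst=198.51.100.5 sport=5353 dport=53 [UNREPLIED] src=10.0.0.6 dst=192.0.2.11 sport=53 dport=5353 use=1
"""

# proto name, proto number, timeout, optional state (TCP only), then the
# original-direction source address.
LINE = re.compile(
    r"^(?P<proto>\S+)\s+\d+\s+\d+\s+(?P<state>[A-Z_]+\s+)?src=(?P<src>\S+)"
)


def summarize(dump, table_max):
    """Count tracked connections by state and source, relative to the limit."""
    states, sources = Counter(), Counter()
    total = unreplied = 0
    for line in dump.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip blank or unparseable lines
        total += 1
        state = (m.group("state") or "-").strip()
        states[(m.group("proto"), state)] += 1
        sources[m.group("src")] += 1
        if "[UNREPLIED]" in line:
            unreplied += 1  # entries that never saw return traffic
    return {
        "total": total,
        "utilization": total / table_max,
        "unreplied": unreplied,
        "states": states,
        "top_sources": sources.most_common(3),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE, table_max=5)  # table_max is a constructed value
    print("entries: %d (%.0f%% of limit)" % (report["total"], 100 * report["utilization"]))
    print("unreplied:", report["unreplied"])
    for (proto, state), n in report["states"].most_common():
        print("  %-4s %-12s %d" % (proto, state, n))
    print("top sources:", report["top_sources"])
```

A high share of UNREPLIED entries from a few sources points at scanning or a flood rather than legitimate load, in which case raising the limit alone only postpones the "table full" message.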

This archive was generated by hypermail 2b29 : Wed Oct 23 2002 - 22:00:58 EST