WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/

Home

xen-users

[Top] [All Lists]

RE: [Xen-users] ip conntrack table full

from [James Harper]

[Permanent Link][Original]

To:	"Mike McGrath" <mmcgrath@xxxxxxxxxx>
Subject:	RE: [Xen-users] ip conntrack table full
From:	"James Harper" <james.harper@xxxxxxxxxxxxxxxx>
Date:	Mon, 25 Jan 2010 10:51:03 +1100
Cc:	xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date:	Sun, 24 Jan 2010 15:51:41 -0800
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<alpine.LFD.2.00.1001241746250.16075@xxxxxxxxxxxxxxxxxxx>
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References:	<alpine.LFD.2.00.1001241728170.16075@xxxxxxxxxxxxxxxxxxx> <AEC6C66638C05B468B556EA548C1A77D01898CE9@trantor> <alpine.LFD.2.00.1001241746250.16075@xxxxxxxxxxxxxxxxxxx>
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index:	AcqdT6QvJXxHjFyaTXStur3jRFp2pQAAC93w
Thread-topic:	[Xen-users] ip conntrack table full

> >
> > 'cat /proc/net/ip_conntrack' will tell you what's in the conntrack
> > database. Have a look in there and see if it's what you expect...
> >
> 
> net.ipv4.netfilter.ip_conntrack_count = 65536
> net.ipv4.netfilter.ip_conntrack_max = 65536
> 
> Being full that's what I'd expect, what I don't understand is why
they're
> filling up.
> 

That's why you need to 'cat /proc/net/ip_conntrack' and see what's in
there. It will tell you about all the connections it's tracking. Could
be full of SSH portscans. Maybe you have a spambot on your network?
Could be anything, but you need to get an understanding of the actual
connections, not just a count of them.

There is also a tool in the netfilter suite that can do a live listing
of any new connection that gets added and removed.

James

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Xen-users] ip conntrack table full, Mike McGrath RE: [Xen-users] ip conntrack table full, James Harper RE: [Xen-users] ip conntrack table full, Mike McGrath RE: [Xen-users] ip conntrack table full, James Harper <= RE: [Xen-users] ip conntrack table full, Mike McGrath Re: [Xen-users] ip conntrack table full, Fajar A. Nugraha [Xen-users] Re: ip conntrack table full, Ferenc Wagner Re: [Xen-users] ip conntrack table full, jim burns Re: [Xen-users] ip conntrack table full, Fajar A. Nugraha

Previous by Date:	RE: [Xen-users] ip conntrack table full, Mike McGrath
Next by Date:	RE: [Xen-users] ip conntrack table full, Mike McGrath
Previous by Thread:	RE: [Xen-users] ip conntrack table full, Mike McGrath
Next by Thread:	RE: [Xen-users] ip conntrack table full, Mike McGrath
Indexes:	[Date] [Thread] [Top] [All Lists]

This site is hosted by Citrix