Re: [PLUG] what do these network errors mean?

LeRoy Cressy on Fri, 8 Mar 2002 15:50:14 +0100

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] what do these network errors mean?

From: LeRoy Cressy <leroy@lrcressy.com>

To: plug@lists.phillylinux.org

Subject: Re: [PLUG] what do these network errors mean?

Date: Fri, 08 Mar 2002 09:46:10 -0500

Organization: L & R Associates

Reply-to: plug@lists.phillylinux.org

Sender: plug-admin@lists.phillylinux.org

When the Linux kernel is compiled with ip_conntrack in the iptables portion of the kernel compilation there is a setting on the max limit of ip connections to keep track of. You can view the connections that your system is keeping track of with cat /proc/net/ip_conntrack cat /proc/sys/net/ipv4/ip_conntrack_max I think that you can change the ip_conntrack_max with echo as root. Also, it seems that reaching the max limit of 3072 seems excessive. I would look at the connections and see if you are under some sort of attack or something. Also, what are you allowing to pass through your system? Are you dropping most everything from the Internet except what is absolutely necessary? If you are using comcast, I'll assume that you are not doing multicasting with multiple connections. I'll also assume that you aren't using mbone. Alot of default kernels have multicasting turned on and I think that you should turn off multicasting if your kernel has it turned on. Michael Whitman wrote: > > Hi all, > > I am getting two error repeatedly on my unlogged console. > > ip_conntrack : maximum limilt of 3072 entries exceeded > > AND > > NET: 1535 messages suppressed. > > This link > http://netfilter.samba.org/documentation/FAQ/netfilter-faq-3.html > suggests that it is do multicast packets. > > I am on the new improved Comcast network, so I assume this has something to > do with it. > The above link suggests I as the line to my iptables script. > > iptables -t mangle -I PREROUTING -j DROP -d 224.0.0.0/8 > > Does this make sense? What does the 224.0.0.0/8 represent? WHat is multicast? > > thanks -Mike > > ______________________________________________________________________ > Philadelphia Linux Users Group - http://www.phillylinux.org > Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce > General Discussion - http://lists.phillylinux.org/mail/listinfo/plug -- Rev. LeRoy D. Cressy mailto:lcressy@telocity.com /\_/\ http://www.netaxs.com/~ldc ( o.o ) Phone: 215-535-4037 > ^ < Jesus saith unto him, I am the way, the truth, and the life: no man cometh unto the Father, but by me. (John 14:6) ______________________________________________________________________ Philadelphia Linux Users Group - http://www.phillylinux.org Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce General Discussion - http://lists.phillylinux.org/mail/listinfo/plug

References:

[PLUG] List and forum packages
From: "Bill Patterson" <patterson@computer.org>

[PLUG] what do these network errors mean?
From: Michael Whitman <michaelw@palawnet.com>

Prev by Date: [PLUG] what do these network errors mean?

Next by Date: [PLUG] Athlon update

Previous by thread: [PLUG] what do these network errors mean?

Next by thread: [PLUG] openssh on rh 6.2

Index(es):

Date

Thread