Hi, guys.
I recently installed Gargoyle 1.7.2 on my new Netgear WNDR4300. Everything seems to be fine. But the syslog keeps showing things like this:
Fri Aug 14 15:41:14 2015 kern.warn kernel: [58926.650000] nf_conntrack: table full, dropping packet
Fri Aug 14 15:41:14 2015 kern.warn kernel: [58926.660000] nf_conntrack: table full, dropping packet
Fri Aug 14 15:41:14 2015 kern.warn kernel: [58926.660000] nf_conntrack: table full, dropping packet
Fri Aug 14 15:41:19 2015 kern.warn kernel: [58932.100000] net_ratelimit: 83 callbacks suppressed
Fri Aug 14 15:41:19 2015 kern.warn kernel: [58932.100000] nf_conntrack: table full, dropping packet
Fri Aug 14 15:41:19 2015 kern.warn kernel: [58932.640000] nf_conntrack: table full, dropping packet
Fri Aug 14 15:41:20 2015 kern.warn kernel: [58932.730000] nf_conntrack: table full, dropping packet
Fri Aug 14 15:41:20 2015 kern.warn kernel: [58932.760000] nf_conntrack: table full, dropping packet
Fri Aug 14 15:41:23 2015 kern.warn kernel: [58935.780000] nf_conntrack: table full, dropping packet
Fri Aug 14 15:41:23 2015 kern.warn kernel: [58936.330000] nf_conntrack: table full, dropping packet
Fri Aug 14 15:41:23 2015 kern.warn kernel: [58936.330000] nf_conntrack: table full, dropping packet
Fri Aug 14 15:41:23 2015 kern.warn kernel: [58936.350000] nf_conntrack: table full, dropping packet
Fri Aug 14 15:41:23 2015 kern.warn kernel: [58936.520000] nf_conntrack: table full, dropping packet
Fri Aug 14 15:41:23 2015 kern.warn kernel: [58936.540000] nf_conntrack: table full, dropping packet
What is this nf_conntrack? I have a NAS running transmission 24*7. Is it possible the warnings are caused by large amounts of UDP requests?
What should I do to fix it?
Thanks a lot.
Installed 1.7.2 on wndr4300v1, logs keeps showing kern.warn
Re: Installed 1.7.2 on wndr4300v1, logs keeps showing kern.w
Yea I think that flooding is probably causing you an issue.
You're hitting the limit specified on "Firewall - Connection Limits". You can increase this number at the expense of memory/performance.
If you set it too high your router will probably run out of memory and eventually grind to a halt (requiring a reboot).
Your other option would be to drop the timeouts for them to kick off old connections quicker.
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
https://lantisproject.com/blog
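Added example, not part of the original posts: one way to check whether UDP flows from a single host (such as the NAS running Transmission) are what fills the connection-tracking table. The functions read lines in the /proc/net/nf_conntrack format from standard input; the sample table, its addresses and the function names are constructed for illustration, and the router is assumed to expose /proc/net/nf_conntrack and /proc/sys/net/netfilter/nf_conntrack_count.

```shell
#!/bin/sh
# Added example: which protocol and which LAN host fill the conntrack table?
# All functions read /proc/net/nf_conntrack-format lines on standard input.

# Constructed sample table (addresses, ports and timeouts are made up).
sample_table() {
cat <<'EOF'
ipv4     2 udp      17 170 src=192.168.1.50 dst=203.0.113.7 sport=51413 dport=6881 [UNREPLIED] src=203.0.113.7 dst=198.51.100.2 sport=6881 dport=51413 mark=0 use=2
ipv4     2 udp      17 171 src=192.168.1.50 dst=203.0.113.8 sport=51413 dport=6881 [UNREPLIED] src=203.0.113.8 dst=198.51.100.2 sport=6881 dport=51413 mark=0 use=2
ipv4     2 udp      17 172 src=192.168.1.50 dst=203.0.113.9 sport=51413 dport=6881 [UNREPLIED] src=203.0.113.9 dst=198.51.100.2 sport=6881 dport=51413 mark=0 use=2
ipv4     2 udp      17 175 src=192.168.1.50 dst=203.0.113.10 sport=51413 dport=6881 src=203.0.113.10 dst=198.51.100.2 sport=6881 dport=51413 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 590 ESTABLISHED src=192.168.1.20 dst=203.0.113.80 sport=40112 dport=443 src=203.0.113.80 dst=198.51.100.2 sport=443 dport=40112 [ASSURED] mark=0 use=2
ipv4     2 udp      17 20 src=192.168.1.20 dst=192.168.1.1 sport=33211 dport=53 src=192.168.1.1 dst=192.168.1.20 sport=53 dport=33211 mark=0 use=2
EOF
}

# Entries per layer-4 protocol (field 3), largest first, e.g. "udp 5".
proto_counts() {
    awk '{ n[$3]++ } END { for (p in n) print p, n[p] }' | sort -k2,2nr -k1,1
}

# Top N original-direction source addresses (the first src= on each line).
top_sources() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^src=/) { n[substr($i, 5)]++; break } }
         END { for (s in n) print s, n[s] }' | sort -k2,2nr -k1,1 | head -n "${1:-3}"
}

# UDP entries still marked [UNREPLIED] (no return traffic seen).
unreplied_udp() {
    awk '$3 == "udp" && /\[UNREPLIED\]/ { c++ } END { print c + 0 }'
}

# Integer percentage of the table in use: table_usage COUNT MAX
table_usage() {
    echo $(( $1 * 100 / $2 ))
}

# Demo on the sample. On a router, feed /proc/net/nf_conntrack instead and take
# COUNT from /proc/sys/net/netfilter/nf_conntrack_count (assumed to be exposed).
sample_table | proto_counts
sample_table | top_sources 2
echo "unreplied udp: $(sample_table | unreplied_udp)"
echo "usage at 7000 of 8192 entries: $(table_usage 7000 8192)%"
```

If one host and one protocol account for most entries, as in the sample, that host's traffic is what the connection limit and timeout settings have to accommodate.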
Re: Installed 1.7.2 on wndr4300v1, logs keeps showing kern.w
Lantis wrote:
> Yea I think that flooding is probably causing you an issue.
> You're hitting the limit specified on "Firewall - Connection Limits". You can increase this number at the expense of memory/performance.
> If you set it too high your router will probably run out of memory and eventually grind to a halt (requiring a reboot).
> Your other option would be to drop the timeouts for them to kick off old connections quicker.
Thanks for the reply.
I am now setting the connection limits at 12000. What number is adequate for wndr4300 anyway?
And about the other option, how would I do that?
Re: Installed 1.7.2 on wndr4300v1, logs keeps showing kern.w
Hard to say for sure sorry mate.
I think you'll hit the limit of your cpu speed far before you hit 12000 connections but who knows.
The two options below that are the timeout required before the connection is dropped from the table.
I think they are in seconds? So 600 is 10 minutes.
You could try halving them or whatever seems appropriate.
Ultimately you're experimenting here and you might find it helps or doesn't, or it helps to a certain point.
Re: Installed 1.7.2 on wndr4300v1, logs keeps showing kern.w
Lantis wrote:
> Hard to say for sure sorry mate.
> I think you'll hit the limit of your cpu speed far before you hit 12000 connections but who knows.
> The two options below that are the timeout required before the connection is dropped from the table.
> I think they are in seconds? So 600 is 10 minutes.
> You could try halving them or whatever seems appropriate.
> Ultimately you're experimenting here and you might find it helps or doesn't, or it helps to a certain point.
Ya I think I have a long way to go trying these numbers.
So what if I just ignore the flooding message? What would happen then?
Re: Installed 1.7.2 on wndr4300v1, logs keeps showing kern.w
thinking out loud
"you tell us"

Re: Installed 1.7.2 on wndr4300v1, logs keeps showing kern.w
Well, I changed the max connection limit to 8192 and udp timeout to 480 and have been observing the syslogs for 2 days. Everything seems to be fine.
Thanks everyone.