I've been having the same problem, and mailed the netfilter list some time ago for help, but no luck. The message comes from linux-2.4.18/net/ipv4/route.c and is due to a failure of the arp_bind_neighbour routine in linux-2.4.18/net/ipv4/arp.c. This seems to call __neigh_lookup_errno, but I can't find the source code for this (I'm not a kernel hacker so I'm probably doing something stupid here). However, there are some vars in /proc/sys/net/ipv4/neigh/ which may be relevant. On my machine, eth0/proxy_qlen, eth1/proxy_qlen and default/proxy_qlen were all set to 64. I've tried increasing these, but I don't know whether that works on a running system, or whether a reboot is needed, and I don't want to reboot my firewall unless absolutely necessary. Maybe if you have a chance to play with these, you could let me know the result. I also don't know the significance of the default/proxy_qlen value.
Cheers, Terry.

>This is from the kernel config. It might be your problem. How many
>hosts do you have on your internal segment?
>
>Ramin
>
>----
>CONFIG_ARPD:
>
>Normally, the kernel maintains an internal cache which maps IP
>addresses to hardware addresses on the local network, so that
>Ethernet/Token Ring/ etc. frames are sent to the proper address on
>the physical networking layer. For small networks having a few
>hundred directly connected hosts or less, keeping this address
>resolution (ARP) cache inside the kernel works well. However,
>maintaining an internal ARP cache does not work well for very large
>switched networks, and will use a lot of kernel memory if TCP/IP
>connections are made to many machines on the network.
>
>If you say Y here, the kernel's internal ARP cache will never grow
>to more than 256 entries (the oldest entries are expired in a LIFO
>manner) and communication will be attempted with the user space ARP
>daemon arpd. Arpd then answers the address resolution request either
>from its own cache or by asking the net.
>
>This code is experimental and also obsolete. If you want to use it,
>you need to find a version of the daemon arpd on the net somewhere,
>and you should also say Y to "Kernel/User network link driver",
>below. If unsure, say N.
>----
>
>On Thu, Apr 25, 2002 at 10:04:16AM -0500, hyooga wrote:
>
>> Greeting :)
>>
>> Lately, I have been seeing this in my log file "Neighbour table overflow."
>> I have looked through newsgroup and advised to check loopback interface but
>> there is nothing wrong. Checked tcpdump and found unanswered arp requests.
>>
>> I am running 2.4.18 with iptables 1.2.5 with ip_connect_max set to 8192 and
>> running 1gig ram.
>>
>> Could anyone please lead me to the right place.
>> Thanks in advance
>>
>> Paul
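Added diagnostic for the thread above (my own script, not code from any of the posters): it counts the live entries per device in /proc/net/arp and prints them next to each interface's proxy_qlen and unres_qlen under /proc/sys/net/ipv4/neigh/, plus default/gc_thresh3, the kernel's hard ceiling on the neighbour table whose exhaustion is what logs "Neighbour table overflow". ARP_FILE and NEIGH_DIR are assumed variable names so the functions can be pointed at copies of those files; they default to the real kernel paths.

```shell
#!/bin/sh
# Added diagnostic (not from the thread): compare the live ARP table with the
# neighbour tunables, so the table can be sized before anything is changed.
# ARP_FILE and NEIGH_DIR are assumed names; they default to the kernel paths.
ARP_FILE="${ARP_FILE:-/proc/net/arp}"
NEIGH_DIR="${NEIGH_DIR:-/proc/sys/net/ipv4/neigh}"

# count_arp_entries FILE DEVICE: number of /proc/net/arp rows for DEVICE.
# Columns are: IP address, HW type, Flags, HW address, Mask, Device.
count_arp_entries() {
    awk -v dev="$2" 'NR > 1 && $6 == dev { n++ } END { print n + 0 }' "$1"
}

# count_all_arp_entries FILE: total rows, the figure gc_thresh3 bounds.
count_all_arp_entries() {
    awk 'NR > 1 { n++ } END { print n + 0 }' "$1"
}

# list_arp_devices FILE: each device name once, sorted.
list_arp_devices() {
    awk 'NR > 1 { print $6 }' "$1" | sort -u
}

# neigh_tunable DIR IFACE NAME: value of one tunable, "-" if the file is absent.
neigh_tunable() {
    if [ -r "$1/$2/$3" ]; then cat "$1/$2/$3"; else echo "-"; fi
}

# report FILE DIR: one line per device, then the global limit.
report() {
    printf '%-8s %8s %10s %10s\n' dev entries proxy_qlen unres_qlen
    for dev in $(list_arp_devices "$1"); do
        printf '%-8s %8s %10s %10s\n' "$dev" \
            "$(count_arp_entries "$1" "$dev")" \
            "$(neigh_tunable "$2" "$dev" proxy_qlen)" \
            "$(neigh_tunable "$2" "$dev" unres_qlen)"
    done
    # gc_thresh3 lives only under default/ and is the hard ceiling on the
    # table; running into it is what produces "Neighbour table overflow".
    printf 'total %s entries, default/gc_thresh3 = %s\n' \
        "$(count_all_arp_entries "$1")" "$(neigh_tunable "$2" default gc_thresh3)"
}

# Only run against the live system when the kernel files are present.
if [ -r "$ARP_FILE" ] && [ -d "$NEIGH_DIR" ]; then
    report "$ARP_FILE" "$NEIGH_DIR"
fi
```

Values written to files under /proc/sys take effect immediately on the running kernel, so a reboot is not needed to try a change, but a change made that way is lost at the next boot unless it is also put in the sysctl configuration.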
