On Wed, Jun 22, 2011 at 10:19:23AM +0300, Condor wrote:
> Hello ppl,
> Can I ask what traffic from the pool is normal? I sometimes have
> problems ... I think I get too many queries. This problem has existed for
> a long time, and it happens only for a short amount of time, from 30 min to
> 1 hour, and usually when I'm not logged in to see what's happening. Here
> is the error that I got from the kernel:
>
> net_ratelimit: 686 callbacks suppressed
> nf_conntrack: table full, dropping packet.
> nf_conntrack: table full, dropping packet.
> nf_conntrack: table full, dropping packet.
To deal with this specific part of the problem, you can add two more rules to your firewall:

    iptables -t raw -A PREROUTING -p udp -m udp --dport 123 -j NOTRACK
    iptables -t raw -A OUTPUT -p udp -m udp --sport 123 -j NOTRACK

These tell the kernel not to do connection tracking on incoming UDP traffic to port 123, or on outgoing UDP traffic from port 123.

I have (variants of) these rules set up on my pool server (which gets lots of traffic), and they keep my conntrack table nice and small. (I just had a look, and it's currently under 30 total entries, with 300+ NTP queries per second coming in.)

_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
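The following is an added example, not code from either poster or from the NTP pool project. It ties the two halves of the thread together: it counts the "nf_conntrack: table full" drops in a block of kernel log text (the sample lines are constructed, modelled on the ones quoted above), computes how full the conntrack table is from the counter and limit values a host exposes under /proc/sys/net/netfilter/ (the numbers passed in are constructed), and prints the two NOTRACK rules from the reply in an idempotent form, using `iptables -C` to check for an existing rule before appending it. The `ipt` parameter, letting the caller substitute a different iptables binary, is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the mailing-list post): detect the conntrack
# "table full" condition and emit the NOTRACK rules idempotently.

# Constructed sample of kernel log output, modelled on the quoted dmesg lines.
SAMPLE_DMESG='net_ratelimit: 686 callbacks suppressed
nf_conntrack: table full, dropping packet.
nf_conntrack: table full, dropping packet.
nf_conntrack: table full, dropping packet.
eth0: link is up'

# Count "table full" drop messages in a block of kernel log text ($1).
# On a live host you would feed it the output of `dmesg`.
count_table_full() {
    printf '%s\n' "$1" | grep -c 'nf_conntrack: table full'
}

# Percentage of the conntrack table in use, given the current entry count
# ($1) and the table maximum ($2), i.e. the values of
# /proc/sys/net/netfilter/nf_conntrack_count and nf_conntrack_max.
conntrack_usage_pct() {
    echo $(( $1 * 100 / $2 ))
}

# Print the two NOTRACK rules from the reply, each guarded by a `-C` check so
# that re-running the script does not append duplicate rules.
# $1 (assumed parameter) is the iptables command to use; defaults to iptables.
notrack_rules() {
    ipt=${1:-iptables}
    printf '%s -t raw -C PREROUTING -p udp -m udp --dport 123 -j NOTRACK 2>/dev/null || %s -t raw -A PREROUTING -p udp -m udp --dport 123 -j NOTRACK\n' "$ipt" "$ipt"
    printf '%s -t raw -C OUTPUT -p udp -m udp --sport 123 -j NOTRACK 2>/dev/null || %s -t raw -A OUTPUT -p udp -m udp --sport 123 -j NOTRACK\n' "$ipt" "$ipt"
}

# Stand-alone run: report on the constructed sample and print the rules
# (the rules are printed, not executed, so this is safe to run anywhere).
drops=$(count_table_full "$SAMPLE_DMESG")
echo "table-full drops seen in sample log: $drops"
echo "constructed usage example: $(conntrack_usage_pct 30 65536)% of table in use"
notrack_rules
```

One caveat worth keeping in mind before applying the printed rules: once UDP/123 traffic is excluded from connection tracking, it no longer matches stateful rules such as `-m conntrack --ctstate ESTABLISHED,RELATED`, so the filter table needs explicit accept rules for NTP in both directions or the server will stop answering.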
