[pve-devel] nf_conntrack: table full, dropping packet error
Alexandre DERUMIER
aderumier at odiso.com
Tue Oct 11 09:57:59 CEST 2011
yes, CONFIG_BRIDGE_NETFILTER is enabled, but depend on nf_conntrack module.
so, the nf_conntrack is loaded , but I don't know why .....
Maybe it was already loaded before with debian kernel ? (can you confirm me nf_conntrack was loaded with previous debian kernel ?)
If nf_conntrack must really loaded (maybe some users need iptables), I think CONFIG_BRIDGE_NETFILTER must be disabled by default.
Conntrack on bridge can be easily saturated on hosts with many vms.
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Mardi 11 Octobre 2011 09:32:12
Objet: RE: [pve-devel] nf_conntrack: table full, dropping packet error
> -----Original Message-----
> From: Alexandre DERUMIER [mailto:aderumier at odiso.com]
> Sent: Dienstag, 11. Oktober 2011 09:25
> To: Dietmar Maurer
> Cc: pve-devel at pve.proxmox.com
> Subject: Re: [pve-devel] nf_conntrack: table full, dropping packet error
>
> but I don't use iptables and i don't why nf_conntrack is loaded with 2.6.32-6-pve
> ....
>
> kernel option is CONFIG_BRIDGE_NETFILTER
But that is also enabled on all our other kernel , and its also enabled in the debian and RHEL kernels!
- Dietmar
--
--
Alexandre Derumier
Ingénieur système
e-mail : aderumier at odiso.com
Tél : +33 (0)3 20 68 88 90
Fax : +33 (0)3 20 68 90 81
45 Bvd du Général Leclerc
59100 ROUBAIX - FRANCE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: aderumier.vcf
Type: text/x-vcard
Size: 183 bytes
Desc: not available
URL: <http://lists.proxmox.com/pipermail/pve-devel/attachments/20111011/fd01ea83/attachment.vcf>
More information about the pve-devel
mailing list