[ntp:questions] What traffic from pool is normal ?
john at stz-bg.com
Wed Jun 22 07:04:22 UTC 2011
On Tue, 21 Jun 2011 17:00:30 +0000, Chuck Swiger wrote:
> On Jun 21, 2011, at 12:33 AM, Condor wrote:
>> Here is error that i got from kernel:
>> net_ratelimit: 686 callbacks suppressed nf_conntrack: table full,
>> dropping packet. nf_conntrack: table full, dropping packet.
>> nf_conntrack: table full, dropping packet.
> You're using a stateful firewall for NTP traffic, and it's connection
> state table has filled. I recommend not using stateful rules for NTP
> traffic, as it adds latency and potential denial-of-service problems
> with the firewall.
> The network tuning you'd mentioned mostly affects TCP and doesn't matter
> to UDP.
> The high traffic rate you'd seen of 3000 packets/sec is unusual, but if
> your firewall was dropping packets, some NTP clients behave badly and
> query faster.
I use only one rule on my firewall and its a postrouting rule:
-A POSTROUTING -s 192.168.1.0/24 -o eth1 -j SNAT --to-source external_ip
Can we pls did not discus my tcp/ip settings and to point over the
problem how i can resolve it.
More information about the questions