[ntp:questions] What traffic from pool is normal ?

Condor john at stz-bg.com
Wed Jun 22 07:04:22 UTC 2011


On Tue, 21 Jun 2011 17:00:30 +0000, Chuck Swiger wrote:

> On Jun 21, 2011, at 12:33 AM, Condor wrote:
>> Here is the error that I got from the kernel:
>> 
>> net_ratelimit: 686 callbacks suppressed nf_conntrack: table full,
>> dropping packet. nf_conntrack: table full, dropping packet.
>> nf_conntrack: table full, dropping packet.
> 
> You're using a stateful firewall for NTP traffic, and its connection
> state table has filled.  I recommend not using stateful rules for NTP
> traffic, as it adds latency and potential denial-of-service problems
> with the firewall.
> 
> The network tuning you'd mentioned mostly affects TCP and doesn't matter
> to UDP.
> 
> The high traffic rate you'd seen of 3000 packets/sec is unusual, but if
> your firewall was dropping packets, some NTP clients behave badly and
> query faster.
> 
> Regards,

I use only one rule on my firewall and it's a POSTROUTING rule:
 -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j SNAT --to-source external_ip

Can we please not discuss my TCP/IP settings and instead focus on the 
problem and how I can resolve it?

Regards,
Condor
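
Added example, not part of either poster's message: a shell sketch for triaging the "table full" condition quoted above and for printing raw-table rules that keep NTP out of connection tracking. It assumes the host answers NTP on its own external address; the function names and the address 203.0.113.10 are hypothetical placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Sample values below are constructed.

# conntrack_usage COUNT MAX: print the percentage of the state table in use.
conntrack_usage() {
    [ "$2" -gt 0 ] 2>/dev/null || { echo "max must be a positive integer" >&2; return 1; }
    echo $(( $1 * 100 / $2 ))
}

# conntrack_live [DIR]: same, from the kernel's counters. DIR is overridable
# so the function can be pointed at saved copies of the two files.
conntrack_live() {
    dir=${1:-/proc/sys/net/netfilter}
    conntrack_usage "$(cat "$dir/nf_conntrack_count")" "$(cat "$dir/nf_conntrack_max")"
}

# table_full_events: read kernel log text on stdin, print "LOGGED SUPPRESSED".
# LOGGED counts "nf_conntrack: table full" messages; SUPPRESSED sums the
# net_ratelimit counters, which cover every rate-limited network message,
# so treat it as an upper bound on the hidden drops.
table_full_events() {
    awk '
        /net_ratelimit: [0-9]+ callbacks suppressed/ {
            for (i = 1; i < NF; i++) if ($i == "net_ratelimit:") suppressed += $(i + 1)
        }
        { logged += gsub(/nf_conntrack: table full/, "&") }
        END { print logged + 0, suppressed + 0 }'
}

# ntp_notrack_rules SERVER_IP: print raw-table rules that exempt NTP addressed
# to or sent from this host. Matching on the host address keeps forwarded LAN
# traffic tracked, which the SNAT rule needs.
ntp_notrack_rules() {
    echo "iptables -t raw -A PREROUTING -d $1 -p udp --dport 123 -j CT --notrack"
    echo "iptables -t raw -A OUTPUT -s $1 -p udp --sport 123 -j CT --notrack"
}

# Constructed input: the kernel messages from the thread, one per line.
table_full_events <<'EOF'
net_ratelimit: 686 callbacks suppressed
nf_conntrack: table full, dropping packet.
nf_conntrack: table full, dropping packet.
nf_conntrack: table full, dropping packet.
EOF
ntp_notrack_rules 203.0.113.10   # documentation address, stands in for external_ip
```

The rules are only printed, not applied. If the filter table accepts traffic by connection state, untracked NTP packets need their own explicit accept rules.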



