Error log Drop pocket

mahdy_sharifi

• September 17, 2014 15:16

Hi : Sometimes server gows slow or even down over webserver, after check messages logs following error seeing : nf_conntrack: table full, dropping packet TCP: time wait bucket table overflow
No any attack on server, I increased nf_conntrack_max but not helpfull. but when Iptables stop this problem resolve and server back with good speed What is problem ? Thank You

• 

  cPanelPeter cPanel Staff

  • September 17, 2014 20:25

  Hello, What happens when you type the following: netstat -antp | grep TIME_WAIT | wc -l
  How many connections were returned?

  0
• 

  mahdy_sharifi

  • September 18, 2014 06:25

  netstat -antp | grep TIME_WAIT | wc -l 4599

  0
• 

  cPanelMichael

  • September 18, 2014 14:19

  [quote="mahdy_sharifi, post: 1732372">Sometimes server gows slow or even down over webserver
  Hello :) Do you notice any particular output to /usr/local/apache/logs/error_log when this happens? Thank you.

  0
• 

  mahdy_sharifi

  • September 18, 2014 21:34

  No ... error_log normal. when this problem occur I run : service iptables stop and problem solved, although iptables start again after 5 min, but till 24 hrs no problem occur . (24 hrs till next cpanel update)

  0
• 

  cPanelMichael

  • September 19, 2014 14:14

  You may want to try installing a third-party firewall such as CSF if your default iptables firewall rules appear to be the cause of the problem. Thank you.

  0
• 

  mahdy_sharifi

  • September 21, 2014 05:24

  I am using CSF !

  0
• 

  cPanelMichael

  • September 22, 2014 18:20

  This is more of an issue with your system and your firewall as opposed to an issue with the cPanel software. The following thread on a third-party website provides information about this issue: [url=http://security.stackexchange.com/questions/43205/nf-conntrack-table-full-dropping-packet]denial of service - nf_conntrack: table full, dropping packet - Information Security Stack Exchange Thank you.

  0

Please sign in to leave a comment.