Re: [CentOS] ip_conntrack: table full, dropping packet.

18 Apr 2008


      John R Pierce wrote:
...
Masry Alex wrote:
...
is there a way to completely disable ip_conntrack ?
without connection tracking, NAT simply won't work.
With recent kernels, it is possible to do 1:1 NAT (mapping one private 
address to exactly one public IP alias on the external interface) 
without netfilter, but using iproute instead.
It will not work for other kinds of NAT, only for 1:1 mapping.
I forgot the details, but you'll have to build and install the most 
recent stable kernel, and probably also update the iproute and iptables 
packages to the most recent stable releases. And then you can do 1:1 NAT 
with the ip utility. Because NAT is not activated in netfilter, 
ip_conntrack is not required.
-- 
Florin Andrei

http://florin.myip.org/

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [CentOS] ip_conntrack: table full, dropping packet.