[CentOS] ip_conntrack: table full, dropping packet.

Fri Apr 18 18:18:16 UTC 2008
Florin Andrei <florin at andrei.myip.org>

John R Pierce wrote:
> Masry Alex wrote:
>> is there a way to completely disable ip_conntrack ?
> without connection tracking, NAT simply won't work.

With recent kernels, it is possible to do 1:1 NAT (mapping one private 
address to exactly one public IP alias on the external interface) 
without netfilter, but using iproute instead.
It will not work for other kinds of NAT, only for 1:1 mapping.

I forgot the details, but you'll have to build and install the most 
recent stable kernel, and probably also update the iproute and iptables 
packages to the most recent stable releases. And then you can do 1:1 NAT 
with the ip utility. Because NAT is not activated in netfilter, 
ip_conntrack is not required.

Florin Andrei