Re: [SLUG] Neighbour table overflow Error

From: SpamFree (SpamFree@tampabay.rr.com)
Date: Fri Jun 06 2003 - 12:11:01 EDT


On Friday June 06 2003 10:50 am, you wrote:
> Hello,
> While testing iptables, I came across the following
> error messages in the /var/log/messages file:
>
> Jun 6 04:36:50 fw kernel: Neighbour table overflow.
> Jun 6 04:36:51 fw kernel: Neighbour table overflow.
> Jun 6 04:36:53 fw kernel NET: 18 messages suppressed.
> Jun 6 04:36:53 fw: Neighbour table overflow.
> Jun 6 04:37:42 fw kernel NET: 15 messages suppressed.
> Jun 6 04:37:42 fw: Neighbour table overflow.
> Jun 6 04:37:43 fw last message repeated 8 times
> Jun 6 04:37:43 fw kernel NET: 2 messages suppressed.
> Jun 6 04:37:43 fw kernel: Neighbour table overflow.
> Jun 6 04:37:48 fw kernel NET: 22 messages suppressed.
> Jun 6 04:37:48 fw: Neighbour table overflow.
> Jun 6 04:37:54 fw kernel: NET: 6 messages suppressed.
> Jun 6 04:37:54 fw kernel: Neighbour table overflow.
> Jun 6 06:01:25 fw kernel: NET: 4 messages suppressed.
>
> I am using Redhat Linux 2.4.18-14smp on a HP Netserver
> LP 1000R, dual 1.13 GHz Pentium III processors with
> 512Mb of RAM and 20 GB Hard Drive and the iptables
> implementation included with the OS. I am assuming the
> hardware, and kernel version are appropriate for
> iptables to run comfortably.
>
> A search on google indicates that such errors can be
> caused if the loopback interface is mis-configured or
> is 'down'. However, I have checked to make sure that
> the loopback interface was 'up' and had the standard
> configuration. Some posts indicated that this error
> can be caused due to arp handling problems in earlier
> versions of Linux (which should not be an issue with
> the 2.4 kernel ?).
>
> I have tried various combinations of iptables setup,
> such as loading and unloading the different modules it
> used (without loading any iptables rules), watching
> the logs with ip forwarding enabled/ disabled
> (/proc/sys/net/ipv4/ip_forward) etc for the sake of
> eliminating my ruleset or any of my configuration
> options as the cause. The error appears sporadically,
> but the pattern I have noticed is that anytime ip
> forwarding is enabled, the arp cache starts filling up
> and these errors eventually appear (even in the absence
> of any iptables). I have configured iptables according
> to the tutorials at netfilter.org with additional
> rules to suit my environment.
>
> I know this issue has been discussed much on the
> Internet, however, none of the suggested solutions are
> helping in my case. I would truly appreciate any
> input/ suggestions on this issue.
>
> Thanks,
> Divyangi

Good job troubleshooting and researching the problem. It is unfortunate that
the solution still eluded you. I hate it when that happens.

The error is not a terribly big problem. Basically it means that your arp
table has reached its maximum capacity. As you have already discussed, this
can be due to a down interface, especially a down loopback interface, but
this is not the case in your situation.

The reason it occurs when you enable IP forwarding is because the
router (IP forwarding) tries to keep track of all the systems on the subnet,
likely due to proxy-arp. In this case it is recording all of the arp traffic
on your cable modem? subnet. Your arp table fills up rapidly and runs out of
room for new entries before older entries have a chance to be aged out.

One possible solution to this issue would be to disable IP forwarding. If this
is not possible, then you may wish to increase the space allotted to your arp
cache. You can see what it is by doing the command:
cat /proc/sys/net/ipv4/neigh/default/gc_thresh3

On my machine it defaults to 1024. You could try doubling this with the
command:
echo 2048 > /proc/sys/net/ipv4/neigh/default/gc_thresh3

Try seeing if this works. I suspect that either of these solutions will fix
your problem, but it may even be necessary to use both solutions at once.
Finally, remember that the setting you echo into /proc will reset to default
if you reboot. If you need it to be permanent then you will either need to do
some kernel hacking or you will need to set up a script to echo the new value
into /proc each time you boot.
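
Added example, not part of the original message: a shell check that compares the current ARP entry count with gc_thresh3 and its sibling settings gc_thresh1 and gc_thresh2, so you can see how close the table is to overflowing before and after changing the limit. The function names are hypothetical, and counting lines in /proc/net/arp is an assumed approximation of the kernel's internal count.

```shell
#!/bin/sh
# Added example (not from the original post): compare the number of IPv4
# neighbour (ARP) entries with the kernel's gc_thresh1/2/3 limits.

# Count entries in a file laid out like /proc/net/arp: one header line, then
# one six-field line per neighbour. Incomplete entries are counted as well.
# This approximates occupancy; the kernel keeps the exact count internally.
neigh_count() {
    awk 'NR > 1 && NF >= 6 { n++ } END { print n + 0 }' "$1"
}

# Classify a count ($1) against gc_thresh1 ($2), gc_thresh2 ($3), gc_thresh3 ($4):
#   below-thresh1  garbage collector leaves the entries alone
#   above-thresh1  periodic garbage collection applies
#   above-thresh2  over the soft limit, old entries are collected aggressively
#   full           at the hard limit; new entries can be refused, which is
#                  when "Neighbour table overflow" is logged
neigh_status() {
    if   [ "$1" -ge "$4" ]; then echo full
    elif [ "$1" -ge "$3" ]; then echo above-thresh2
    elif [ "$1" -ge "$2" ]; then echo above-thresh1
    else echo below-thresh1
    fi
}

# Print a one-line report. Both arguments are optional and default to the
# live system; pass other paths to check saved copies of the files.
neigh_report() {
    arp_file=${1:-/proc/net/arp}
    thresh_dir=${2:-/proc/sys/net/ipv4/neigh/default}
    for f in "$arp_file" "$thresh_dir/gc_thresh1" \
             "$thresh_dir/gc_thresh2" "$thresh_dir/gc_thresh3"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done
    n=$(neigh_count "$arp_file")
    t1=$(cat "$thresh_dir/gc_thresh1")
    t2=$(cat "$thresh_dir/gc_thresh2")
    t3=$(cat "$thresh_dir/gc_thresh3")
    st=$(neigh_status "$n" "$t1" "$t2" "$t3")
    echo "entries=$n gc_thresh1=$t1 gc_thresh2=$t2 gc_thresh3=$t3 status=$st"
}

# Report on the running system; stay quiet about the exit code if the
# files are not available here.
neigh_report || true
```

Running it periodically while IP forwarding is enabled shows whether the entry count keeps climbing toward gc_thresh3 or levels off after the limit is raised.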


