Hi,

I have a Fedora 10 server set as a router. I want to disable the netfilter as it is causing the server to slow down and the soft-irqs are going really high. The /var/log/messages is showing the following:

Code:
Dec 16 05:13:18 router kernel: __ratelimit: 7 callbacks suppressed
Dec 16 05:13:18 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:18 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:18 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:19 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:19 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:19 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:20 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:20 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:20 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:20 router kernel: nf_conntrack: table full, dropping packet.

The firewall is disabled and the kernel limits have been set in sysctl.conf:

Code:
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216

I have tried to set the limit of the nf_conntrack higher, but as I set the limit higher, the table is being populated even more. The current limit is:

Code:
net.core.netdev_max_backlog = 250000
net.nf_conntrack_max = 1950000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_acct = 0

Now, is there a way to completely disable the netfilter or ip_conntrack? Also, it's worth noting that there is no module for ip_conntrack in fc10. It seems to be compiled into the kernel...

Thanks in advance...
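
An added example, not part of the original post: a small Python parser for the syslog lines quoted above that counts "table full" messages per second and totals the `__ratelimit` suppressed counts, since the visible lines undercount what the kernel tried to log. The sample log is constructed, and the names `summarize`, `SAMPLE_LOG`, `KERNEL_LINE`, `SUPPRESSED` and `DROP_MSG` are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the syslog format quoted in the post (not real data).
SAMPLE_LOG = """\
Dec 16 05:13:18 router kernel: __ratelimit: 7 callbacks suppressed
Dec 16 05:13:18 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:18 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:18 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:19 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:19 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:20 router kernel: __ratelimit: 12 callbacks suppressed
Dec 16 05:13:20 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:20 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:20 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:20 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:21 router sshd[2210]: Connection closed by 192.0.2.10
"""

KERNEL_LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\skernel:\s(.*)$")
SUPPRESSED = re.compile(r"__ratelimit: (\d+) callbacks suppressed")
DROP_MSG = "nf_conntrack: table full, dropping packet"


def summarize(log_text):
    """Count conntrack drop messages per second and rate-limited messages."""
    per_second = Counter()
    suppressed = 0
    for line in log_text.splitlines():
        m = KERNEL_LINE.match(line.strip())
        if not m:
            continue  # not a kernel message
        timestamp, msg = m.groups()
        hit = SUPPRESSED.search(msg)
        if hit:
            # Kept separate: the log does not say which messages were suppressed.
            suppressed += int(hit.group(1))
        elif msg.startswith(DROP_MSG):
            per_second[timestamp] += 1
    peak = per_second.most_common(1)[0] if per_second else None
    return {"logged_drops": sum(per_second.values()), "suppressed": suppressed,
            "peak": peak, "per_second": dict(per_second)}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```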