Hey guys. I started getting neighbor table overflow lines in the syslog for unknown reasons: Code: Apr 2 23:20:10 Storage user.warn kernel: printk: 150 messages suppressed. Apr 2 23:20:10 Storage user.warn kernel: Neighbour table overflow. I bumped up the max connections a bit, a long with hash and buckets. Upped the GC values as well: Code: net.ipv4.neigh.default.gc_thresh1 = 512 net.ipv4.neigh.default.gc_thresh2 = 1024 net.ipv4.neigh.default.gc_thresh3 = 2048 And this seems to have eliminated the overflow logs. However, I was left curious as to why the default limits were being exceeded. As my family and I don't torrent, or do much internet activity that is connection-count intensive. So I created a cronjob to run a script that poll's /proc/sys/net/netfilter/nf_conntrack_count every 5 minutes. If it get's a value over 500 it then saves a copy of /proc/net/ip_conntrack for later viewing. What this contained has me puzzled: Code: root@Storage:/tmp/mnt/Flash/Log# cat OVERFLOW.log | grep 192.168.1.47 | grep -m 2 192.168.1.1 ipv4 2 tcp 6 88 TIME_WAIT src=192.168.1.47 dst=192.168.1.1 sport=61726 dport=19516 src=192.168.1.1 dst=192.168.1.47 sport=19516 dport=61726 [ASSURED] mark=0 use=2 ipv4 2 tcp 6 25 TIME_WAIT src=192.168.1.47 dst=192.168.1.1 sport=61143 dport=19516 src=192.168.1.1 dst=192.168.1.47 sport=19516 dport=61143 [ASSURED] mark=0 use=2 root@Storage:/tmp/mnt/Flash/Log# cat OVERFLOW.log | grep 192.168.1.47 | grep -c 192.168.1.1 1106 root@Storage:/tmp/mnt/Flash/Log# 1106 entries from the family desktop at 192.168.1.47 to the router. All in TIME_WAIT, all with differing ports on the desktop side but same 19516 port on the router side. No idea what this is or what is causing it. Not sure of a good way to continue narrowing it down, as with its randomly occurring nature any steps taken will have to be automated in some fashion. Any insight or ideas are welcome.