LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Increasing /proc/net/ip_conntrack_max (https://www.linuxquestions.org/questions/linux-server-73/increasing-proc-net-ip_conntrack_max-671642/)

imagize 09-22-2008 03:23 PM
Increasing /proc/net/ip_conntrack_max
 
Hello,

My server recently began hitting the max number defined for max ip_conntrack (34000) and it began showing a lot of errors such as:

Quote:
ip_conntrack: table full, dropping packet
I ran this command:

Quote:
sysctl -w net.ipv4.netfilter.ip_conntrack_max=65536
And it fixed the problem but it doesn't seem to be permanent, when the server restarts it goes back to 34000 default. Here is current usage:

Quote:
wc -l /proc/net/ip_conntrack
43283 /proc/net/ip_conntrack
How can I permanently change this setting to avoid future issues? when the server hits the max it begins dropping packets etc. (I'm running CentOS 5.2)

Thanks

dmor 09-22-2008 03:44 PM
/etc/sysctl.conf
 
Quote:
Originally Posted by imagize (Post 3288544)
Hello,

My server recently began hitting the max number defined for max ip_conntrack (34000) and it began showing a lot of errors such as:



I ran this command:



And it fixed the problem but it doesn't seem to be permanent, when the server restarts it goes back to 34000 default. Here is current usage:



How can I permanently change this setting to avoid future issues? when the server hits the max it begins dropping packets etc. (I'm running CentOS 5.2)

Thanks
/etc/sysctl.conf - this is the file you can make this setting permanent!

imagize 09-22-2008 11:24 PM
I found the cause, It was APF firewall, I set SYSCTL_CONNTRACK="65536" in conf.apf.


All times are GMT -5. The time now is 07:01 AM.