Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


 
08-15-2012, 10:09 PM
Sladjan Ri

iptables - conntrack and ip_conntrack_max

Hi,

I am successfully loading the conntrack module with an option:
nf_conntrack hashsize=2097152

My problem is that I can't seem to define
'/proc/sys/net/ipv4/netfilter/ip_conntrack_max' or
'/proc/sys/net/netfilter/nf_conntrack_max'.

I tried adding a line to /etc/sysctl.d/local.conf:
net.ipv4.netfilter.ip_conntrack_max = 2097152 (or the other path)

I also tried adding a line to /etc/rc.local:
echo 2097152 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max

Both won't work; instead ip_conntrack_max or nf_conntrack_max seem to
be determined by some formula using hashsize. In my case it is set to
16777216.

I still can set the value using either 'sysctl -p /etc/sysctl.d/local.conf' or
'echo 2097152 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max' after I
log in as root.

I would like to set this value automatically after a reboot though.
Any hints please? Thanks.


Regards,
Sladi


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/CAH_S8NhJx4xC_pe4rmcYBZ2p-6YSFpB0d_D_0z-cPcM2WdDr7g@mail.gmail.com
 
08-16-2012, 06:39 AM
Tom H

iptables - conntrack and ip_conntrack_max

On Wed, Aug 15, 2012 at 6:09 PM, Sladjan Ri <sladjanri@gmail.com> wrote:
>
> I am successfully loading the conntrack module with an option:
> nf_conntrack hashsize=2097152
>
> My problem is that I can't seem to define
> '/proc/sys/net/ipv4/netfilter/ip_conntrack_max' or
> '/proc/sys/net/netfilter/nf_conntrack_max'.
>
> I tried adding a line to /etc/sysctl.d/local.conf:
> net.ipv4.netfilter.ip_conntrack_max = 2097152 (or the other path)
>
> I also tried adding a line to /etc/rc.local:
> echo 2097152 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
>
> Both won't work; instead ip_conntrack_max or nf_conntrack_max seem to
> be determined by some formula using hashsize. In my case it is set to
> 16777216.
>
> I still can set the value using either 'sysctl -p /etc/sysctl.d/local.conf' or
> 'echo 2097152 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max' after I
> log in as root.

Try adding "nf_conntrack" to "/etc/modules".


--
Archive: http://lists.debian.org/CAOdo=Sx-O6dtCWrLRY1mZwvenecA-BJGxZPnUCpFw+MumO+2Ow@mail.gmail.com
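
Added example, not part of either message: a shell check for the boot-ordering situation discussed in this thread. It assumes that the conntrack sysctl key only exists once nf_conntrack is loaded, and that the kernel defaults the limit to 8 x hashsize when hashsize is given (consistent with the 16777216 reported above); the function name `check_conntrack_boot` and its ROOT parameter are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Reports whether a conntrack limit set in
# sysctl.conf/sysctl.d can be applied at boot. ROOT is a hypothetical parameter
# so the check can run against a copy of /etc; empty means the live system.
check_conntrack_boot() {
    root=${1:-}
    # Last matching assignment wins; both key names from the thread are accepted.
    max=$(cat "$root/etc/sysctl.conf" "$root"/etc/sysctl.d/*.conf 2>/dev/null |
        awk -F= '{ gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
            $1 == "net.netfilter.nf_conntrack_max" ||
            $1 == "net.ipv4.netfilter.ip_conntrack_max" { v = $2 }
            END { print v }')
    # A line in /etc/modules may carry options, e.g. "nf_conntrack hashsize=N".
    modline=$(grep -E '^[[:space:]]*nf_conntrack([[:space:]]|$)' \
        "$root/etc/modules" 2>/dev/null | tail -n 1)
    hashsize=$(printf '%s\n' "$modline" |
        sed -n 's/.*hashsize=\([0-9][0-9]*\).*/\1/p')

    if [ -z "$max" ]; then
        echo "no-limit-configured"; return 1
    fi
    if [ -z "$modline" ]; then
        # Assumption: without the module loaded, the sysctl key does not exist
        # yet when sysctl.d is processed, so the setting is not applied.
        echo "limit=$max skipped: nf_conntrack not in /etc/modules"; return 1
    fi
    if [ -n "$hashsize" ]; then
        # Assumption: kernel default is 8 x hashsize when hashsize is given.
        echo "limit=$max ok (kernel default would be $((hashsize * 8)))"
    else
        echo "limit=$max ok"
    fi
}

# Constructed sample tree mirroring the thread's values.
demo=$(mktemp -d)
mkdir -p "$demo/etc/sysctl.d"
echo 'net.ipv4.netfilter.ip_conntrack_max = 2097152' > "$demo/etc/sysctl.d/local.conf"
check_conntrack_boot "$demo" || :      # module missing: setting is skipped
echo 'nf_conntrack hashsize=2097152' > "$demo/etc/modules"
check_conntrack_boot "$demo"           # module listed: setting can apply
rm -rf "$demo"
```

After a reboot, compare the reported limit with the live value in /proc/sys/net/netfilter/nf_conntrack_max to confirm the setting was applied.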
 
