nf_conntrack
 

Dear All,


*


What is the difference between ip_conntrack and
nf_conntrack. I could set ip_conntrack in /etc/systcl.conf before but now I could
not. Then, I thought, maybe it was changed to nf_conntrack and I also tried to
set nf_conntrack, nf_conntrack_max in the file but it still did not work.


*


Could someone guide me to the use of nf_conntrack related
parameters? Or can I still set ip_conntrack somewhere?


*


Here is all I could find in /proc:


*


# ls /proc/net/nf_conntrack*


/proc/net/nf_conntrack* /proc/net/nf_conntrack_expect


*


Regards,


Khem







--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

nf_conntrack
 

Please have a look at /proc/sys/net/netfilter/

Thomas

Khemera Lin wrote:

Dear All,



What is the difference between ip_conntrack and nf_conntrack. I could
set ip_conntrack in /etc/systcl.conf before but now I could not. Then, I
thought, maybe it was changed to nf_conntrack and I also tried to set
nf_conntrack, nf_conntrack_max in the file but it still did not work.




Could someone guide me to the use of nf_conntrack related parameters? Or
can I still set ip_conntrack somewhere?





Here is all I could find in /proc:




# ls /proc/net/nf_conntrack*

/proc/net/nf_conntrack /proc/net/nf_conntrack_expect




Regards,

Khem




--
Thomas Woerner
Software Engineer Phone: +49-711-96437-310
Red Hat GmbH Fax : +49-711-96437-111
Hauptstaetterstr. 58 Email: Thomas Woerner <twoerner@redhat.com>
D-70178 Stuttgart Web : http://www.redhat.de/

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

nf_conntrack
 

Thanks,

There are a lot of them:

-----------
[root]# ls /proc/sys/net/netfilter/
nf_conntrack_buckets
nf_conntrack_tcp_timeout_fin_wait
nf_conntrack_checksum
nf_conntrack_log_invalid
nf_conntrack_tcp_timeout_last_ack
nf_conntrack_count
nf_conntrack_max
nf_conntrack_tcp_timeout_max_retrans
nf_conntrack_expect_max
nf_conntrack_tcp_be_liberal
nf_conntrack_tcp_timeout_syn_recv
nf_conntrack_tcp_loose
nf_conntrack_tcp_timeout_syn_sent
nf_conntrack_tcp_max_retrans
nf_conntrack_tcp_timeout_time_wait
nf_conntrack_tcp_timeout_close
nf_conntrack_udp_timeout
nf_conntrack_generic_timeout
nf_conntrack_tcp_timeout_close_wait
nf_conntrack_udp_timeout_stream
nf_conntrack_icmp_timeout
nf_conntrack_tcp_timeout_established
------------

Which ones of them can i set to eliminate this error i have:

"kernel: nf_conntrack: table full, dropping packet" ?

Please, a hint or pointer would be much appreciated? I'm now using Fedora
8 and Squid with around 1000 users; i had no problem with previous
versions of Fedora when ip_conntrack was used -- i simply set
ip_conntrack_max = 32768.

Thanks,
Khem

> Please have a look at /proc/sys/net/netfilter/
>
> Thomas
>
> Khemera Lin wrote:
>> Dear All,
>>
>>
>>
>> What is the difference between ip_conntrack and nf_conntrack. I could
>> set ip_conntrack in /etc/systcl.conf before but now I could not. Then, I
>> thought, maybe it was changed to nf_conntrack and I also tried to set
>> nf_conntrack, nf_conntrack_max in the file but it still did not work.
>>
>>
>>
>> Could someone guide me to the use of nf_conntrack related parameters? Or
>> can I still set ip_conntrack somewhere?
>>
>>
>>
>> Here is all I could find in /proc:
>>
>>
>>
>> # ls /proc/net/nf_conntrack*
>>
>> /proc/net/nf_conntrack /proc/net/nf_conntrack_expect
>>
>>
>>
>> Regards,
>>
>> Khem
>>
>
>
> --
> Thomas Woerner
> Software Engineer Phone: +49-711-96437-310
> Red Hat GmbH Fax : +49-711-96437-111
> Hauptstaetterstr. 58 Email: Thomas Woerner <twoerner@redhat.com>
> D-70178 Stuttgart Web : http://www.redhat.de/
>
> --
> fedora-list mailing list
> fedora-list@redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list