From: Security <security@ezsm.net >
To: netfilter@lists.netfilter.org
Subject: Re: HELP!!! (ip_conntrack: table full)
Date: Mon, 27 Oct 2003 16:23:17 -0400 [thread overview]
Message-ID: <200310271523.20112.security@ezsm.net> (raw)
In-Reply-To: <web-171329066@mail01.infosat.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Warren,
I would only raise the value in /proc/net/ip_conntrack a little bit at a
time till you find the lowest number that works for your situation. Once you
have everything under control, the number shouldn't have to be too high, at
least this has been my experience. I only raise the number when having a
"situation", and then lower it back down once things are calmed down.
And yes, I did mean to rmmod ip_conntack, when I mentioned dropping
ip_conntrack. Although, this tends to require dropping a few other modules
as well, and also tends to require stopping iptables while you do so. (due to
some of the modules that you have to remove.) Which is why it is not the
best solution for all situations....
NH
On Monday 27 October 2003 2:52 pm, Warren P wrote:
> hi
>
> WRT echo ## > /proc/net/ip_conntrack
>
> Considering i've got 1gig of RAM ... what is a safe value i
> can set ip_conntrack_max to? The current value is 65528
>
> Also when you refer to dropping ip_conntrack ... do mean
> like rmmod ip_conntrack.o?
>
> Regards,
> Warren P
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE/nX62PEfiOMhBaIMRAhApAJ9wjH7HpUP2uS54gnKX366qx1HQdgCdErQ9
RijgnV+fchqx/oJ25qpCblA=
=vyvf
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2003-10-27 20:23 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20030919042818.24451.68672.Mailman@netfilter-sponsored-by.noris.net>
2003-09-19 6:44 ` Error message change request (Sigþór Jarðarson) Frederic de Villamil
2003-09-19 14:43 ` HELP!!! (ip_conntrack: table full) Alpha Technologies
2003-09-19 15:11 ` Security
2003-10-27 19:52 ` Warren P
2003-10-27 20:09 ` Oskar Andreasson
2003-10-27 20:09 ` NightHawk
2003-10-27 20:46 ` Warren P
2003-10-27 20:53 ` Security
2003-10-27 21:04 ` Oskar Andreasson
2003-10-27 20:21 ` NightHawk
2003-10-29 1:34 ` Edmund Turner
2003-10-29 1:50 ` Security
2003-10-29 1:58 ` Alistair Tonner
2003-10-27 20:23 ` Security [this message]
2003-09-19 15:15 ` Nox
2003-09-19 16:06 ` Cedric Blancher
2003-10-27 21:01 Daniel Chemko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200310271523.20112.security@ezsm.net \
--to=security@ezsm.net \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.