From mboxrd@z Thu Jan 1 00:00:00 1970 From: Fallucchi Antonio Subject: Re: ip_conntrack_max Date: Thu, 08 Jul 2004 12:31:10 +0200 Sender: netfilter-admin@lists.netfilter.org Message-ID: <40ED226E.8070808@cisbic.com> References: <40ED161F.5070804@cisbic.com> <200407081056.14826.Antony@Soft-Solutions.co.uk> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <200407081056.14826.Antony@Soft-Solutions.co.uk> Errors-To: netfilter-admin@lists.netfilter.org List-Help: List-Post: List-Subscribe: , List-Id: List-Unsubscribe: , List-Archive: Content-Type: text/html; charset="us-ascii" To: netfilter@lists.netfilter.org Antony Stone wrote:

On Thursday 08 July 2004 10:38 am, Fallucchi Antonio wrote:

hi

i have the problem width "ip_conntrack: table full, dropping packet."

what is the good and max dimension  of the ip_conntrack_max ?


The answer to this depends on:

1. How many connections you need to support through your firewall.
2. How much memory you have in your machine (each connection table entry uses 
a small amount of memory, therefore this is what sets the limit on the 
maximum size you can make it on a given machine.

the memory of my machie is 128 MB, I don't know how many connection I have need..

What is the output of "wc -l /proc/net/ip_conntrack", and how much memory do 
you have in your system?

wc -l /proc/net/ip_conntrack
626 /proc/net/ip_conntrack

Regards,

Antony.