now to increase ip_conntrack

Linux Netfilter discussions
 help / color / mirror / Atom feed

* now to increase ip_conntrack_max in 2.6.28?
@ 2009-07-28  6:26 Alec Matusis
  2009-07-28  6:53 ` Marek Kierdelewicz
  0 siblings, 1 reply; 3+ messages in thread
From: Alec Matusis @ 2009-07-28  6:26 UTC (permalink / raw)
  To: netfilter

I need to increase the number of connections that netfilter can track on a
production server, to avoid "ip_conntrack: table full, dropping packet"
messages.
On 2.6.24 (ubuntu 8.04) it was:
echo 524288 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max

On 2.6.28 (ubuntu 9.04) the entire /proc/sys/net/ipv4/netfilter directory is
missing. Moreover, 

find / -name ip_conntrack_max 

returns NOTHING.

How do I increase this?

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: now to increase ip_conntrack_max in 2.6.28?
  2009-07-28  6:26 now to increase ip_conntrack_max in 2.6.28? Alec Matusis
@ 2009-07-28  6:53 ` Marek Kierdelewicz
  2009-07-28  7:09   ` Alec Matusis
  0 siblings, 1 reply; 3+ messages in thread
From: Marek Kierdelewicz @ 2009-07-28  6:53 UTC (permalink / raw)
  To: Alec Matusis; +Cc: netfilter

Hi Alec,

>On 2.6.28 (ubuntu 9.04) the entire /proc/sys/net/ipv4/netfilter
>directory is missing. Moreover, 

Make sure you have nf_conntrack loaded. It you do, then file you're
looking for is here:
/proc/sys/net/nf_conntrack_max

Cheers,
Marek Kierdelewicz

^ permalink raw reply	[flat|nested] 3+ messages in thread

* RE: now to increase ip_conntrack_max in 2.6.28?
  2009-07-28  6:53 ` Marek Kierdelewicz
@ 2009-07-28  7:09   ` Alec Matusis
  0 siblings, 0 replies; 3+ messages in thread
From: Alec Matusis @ 2009-07-28  7:09 UTC (permalink / raw)
  To: netfilter

Thank you Marek, in Ubuntu 9.04 server edition nf_conntrack module
apparently is not loaded by default. I wonder why... What confused me was
that iptables rules actually worked, so I thought the module must have been
loaded.
I loaded it, and the file appeared.

> -----Original Message-----
> From: Marek Kierdelewicz [mailto:marek@piasta.pl]
> Sent: Monday, July 27, 2009 11:53 PM
> To: Alec Matusis
> Cc: netfilter@vger.kernel.org
> Subject: Re: now to increase ip_conntrack_max in 2.6.28?
> 
> Hi Alec,
> 
> >On 2.6.28 (ubuntu 9.04) the entire /proc/sys/net/ipv4/netfilter
> >directory is missing. Moreover,
> 
> Make sure you have nf_conntrack loaded. It you do, then file you're
> looking for is here:
> /proc/sys/net/nf_conntrack_max
> 
> Cheers,
> Marek Kierdelewicz


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2009-07-28  7:09 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-07-28  6:26 now to increase ip_conntrack_max in 2.6.28? Alec Matusis
2009-07-28  6:53 ` Marek Kierdelewicz
2009-07-28  7:09   ` Alec Matusis

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox