From: "Warren P" <warrenp@websurfer.co.za>
To: nighthawk@ezsm.net, Warren P <warrenp@websurfer.co.za>,
netfilter@lists.netfilter.org
Subject: Re: HELP!!! (ip_conntrack: table full)
Date: Mon, 27 Oct 2003 22:46:36 +0200
Message-ID: <web-171348616@mail01.infosat.net>
In-Reply-To: <200310271509.16011.nighthawk@easyservermanagement.com>
Hi
Thanks ...
But tell me ... do I really need ip_conntrack? What would
happen if I remove it permanently ... how will this affect
my IP Table rule ...
I've only got one rule:
e.g: iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.22.33:3128
------------------------------------------------------------
On Mon, 27 Oct 2003 16:09:14 -0400
NightHawk <nighthawk@easyservermanagement.com> wrote:
> Warren,
> I would only raise the value in /proc/net/ip_conntrack a little bit at a
> time till you find the lowest number that works for your situation. Once you
> have everything under control, the number shouldn't have to be too high, at
> least this has been my experience. I only raise the number when having a
> "situation", and then lower it back down once things are calmed down.
>
> And yes, I did mean to rmmod ip_conntrack, when I mentioned dropping
> ip_conntrack. Although, this tends to require dropping a few other modules
> as well, and also tends to require stopping iptables while you do so. (due to
> some of the modules that you have to remove.) Which is why it is not the
> best solution for all situations....
>
> NH
>
> On Monday 27 October 2003 2:52 pm, Warren P wrote:
> > hi
> >
> > WRT echo ## > /proc/net/ip_conntrack
> >
> > Considering I've got 1gig of RAM ... what is a safe value I
> > can set ip_conntrack_max to? The current value is 65528
> >
> > Also when you refer to dropping ip_conntrack ... do you mean
> > like rmmod ip_conntrack.o?
> >
> > Regards,
> > Warren P