It seems that the value of net.ipv4.ip_conntrack_max has no so much to do with the conntrack 'cause the when I measure current number of connections i.e.: wc -l /proc/net/ip_conntrack they show as ~20-30 000 connection, but I set sysctl -w net.ipv4.ip_conntrack_max=150000 and packets get dropped, I have to set it to value above 200 000 so that packets are not dropped ?!! Any idea why is that ? and what is the real correspondence between these values, so that I can set correct value in advance, but not wait until packets start to drop !! tia _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
