On Wed, 8 Jan 2003, urgrue wrote:

> i just ran into this problem recently.
> cat /proc/sys/net/ipv4/ip_conntrack_max
> that will show you what the maximum amount of connections is. yours is
> obviously reaching this max.
> i think this is set based on amount of ram. at least it seems to
> automatically be 7160 on my 128mb box and 32704 on my 512mb box.
> raising this is apparently a bad idea and can crash your box.

No, raising it is perfectly normal. Each conntrack entry uses about 600 bytes of unswappable kernel ram (more exact numbers are somewhere in the netfilter docs). So 10k connections are about 6mb ram - if the box does nothing serious besides routing/filtering, the numbers can be increased a lot on most memory sizes.

c'ya
sven

--
The Internet treats censorship as a routing problem, and routes around it.
(John Gilmore on http://www.cygnus.com/~gnu/)
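A small check built on the figures in this reply, added here as an example and not part of the original thread: it reports how full the conntrack table is and roughly how much unswappable kernel RAM it pins at about 600 bytes per entry. The `nf_conntrack_*` paths are the names used by later kernels, and the 80% warning threshold is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): conntrack table usage and memory estimate.
# BYTES_PER_ENTRY is the approximate per-entry figure quoted in the reply.
BYTES_PER_ENTRY=600

# conntrack_mem_kb ENTRIES -> approximate unswappable kernel RAM in KiB
conntrack_mem_kb() {
    echo $(( $1 * $BYTES_PER_ENTRY / 1024 ))
}

# conntrack_pct COUNT MAX -> table utilisation in whole percent (0 if MAX is 0)
conntrack_pct() {
    [ "$2" -gt 0 ] || { echo 0; return 0; }
    echo $(( $1 * 100 / $2 ))
}

# conntrack_status COUNT MAX [WARN_PCT] -> WARN or OK (threshold assumed: 80)
conntrack_status() {
    if [ "$(conntrack_pct "$1" "$2")" -ge "${3:-80}" ]; then
        echo WARN
    else
        echo OK
    fi
}

# first_readable FILE... -> contents of the first readable file, else status 1
first_readable() {
    for f in "$@"; do
        [ -r "$f" ] && { cat "$f"; return 0; }
    done
    return 1
}

conntrack_report() {
    # Path from the thread first, then the name used by later kernels.
    max=$(first_readable /proc/sys/net/ipv4/ip_conntrack_max \
                         /proc/sys/net/netfilter/nf_conntrack_max) ||
        { echo "conntrack limit not readable (module not loaded?)"; return 0; }
    case "$max" in ''|*[!0-9]*) echo "unexpected limit: $max"; return 0 ;; esac
    # Current entries: sysctl counter, else one line per entry in the old table.
    count=$(first_readable /proc/sys/net/netfilter/nf_conntrack_count) ||
        count=$(wc -l 2>/dev/null < /proc/net/ip_conntrack) || count=0
    count=$(( count + 0 ))
    echo "entries: $count/$max ($(conntrack_pct "$count" "$max")%)" \
         "in use: ~$(conntrack_mem_kb "$count") KiB," \
         "if full: ~$(conntrack_mem_kb "$max") KiB," \
         "status: $(conntrack_status "$count" "$max")"
}

conntrack_report
```

Running it before and after raising the limit shows what the new ceiling would cost in pinned memory if the table filled completely.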