ip_conntrack

On Mon, Nov 25, 2002 at 02:00:41PM +0200, Warren P wrote:
> I'm receiving the following messages in /var/log/messages
> kernel: ip_conntrack: table full, dropping packet.
> My ip_conntrack_max = 65528.
> I'm running a squid proxy and the messages did not bother me, until
> last few days, when the proxy's responses deteriorated heavily.
> If ip_conntrack is causing the problem, please indicate as to how
> I determine what the preferred size of ip_conntrack_max should be
> considering that I have 1gig of RAM in the machine.
insmod ip_conntrack hashsize=4194304

If you have a lot of different connections, you do not want to be
stuck with 8192 buckets. It will get your system cpu up to
100%...
This way, you free your CPU, and it will allow you to have
9gigabyte worth of connections ... :-)
Anyway, adjust the hashsize to something that fits the use. The
hashsize I use above is for a core firewall only. But it does a
lot of connection tracking...
-- 
procedure signature;
begin  { telegraaf.com
} writeln('<ard@telegraafnet.nl> SMA-IS | Geeks don't get viruses');
end
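
A sizing check for the situation discussed in this thread, as an added example that is not part of the original messages: it reports table utilization and average hash-chain length from a connection count, maximum and bucket count, and counts "table full" drops in a log. The function names, the 80% warning threshold and the nf_conntrack /proc paths used on newer kernels are assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Names and thresholds are assumptions.

# conntrack_report COUNT MAX BUCKETS
# Prints utilization (%), average hash-chain length now and at a full
# table, and a verdict: ok, warn (>= 80% used, assumed threshold), full.
conntrack_report() {
    awk -v c="$1" -v m="$2" -v b="$3" 'BEGIN {
        if (m <= 0 || b <= 0) { print "verdict=invalid"; exit 1 }
        verdict = "ok"
        if (100 * c / m >= 80) verdict = "warn"
        if (c >= m) verdict = "full"
        printf "util=%.0f chain_now=%.1f chain_full=%.1f verdict=%s\n", 100 * c / m, c / b, m / b, verdict
    }'
}

# count_table_full: reads log lines on stdin and prints how many report a
# dropped packet. The pattern matches ip_conntrack and nf_conntrack kernels.
count_table_full() {
    grep -c 'conntrack: table full, dropping packet' || true
}

# conntrack_live: the same report from a running system. Assumes the newer
# nf_conntrack sysctl files; prints verdict=unavailable if they are absent.
conntrack_live() {
    d=/proc/sys/net/netfilter
    if [ ! -r "$d/nf_conntrack_count" ]; then
        echo "verdict=unavailable"
        return 0
    fi
    conntrack_report "$(cat "$d/nf_conntrack_count")" \
        "$(cat "$d/nf_conntrack_max")" "$(cat "$d/nf_conntrack_buckets")"
}

# The thread's numbers: a full table at max 65528 with 8192 buckets.
conntrack_report 65528 65528 8192

# Constructed log lines, modelled on the message quoted in the thread.
printf '%s\n' \
    'Nov 25 13:58:01 proxy kernel: ip_conntrack: table full, dropping packet.' \
    'Nov 25 13:58:02 proxy kernel: eth0: link up' \
    'Nov 25 13:58:06 proxy kernel: ip_conntrack: table full, dropping packet.' \
    | count_table_full
```

With the thread's figures the average chain is about 8 entries per bucket when the table is full; raising the bucket count shortens the chains but does not by itself raise the connection limit reported in the log message.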


