Re: HELP!!! (ip_conntrack: table full)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Warren,
   I would only raise the value in /proc/net/ip_conntrack a little bit at a 
time till you find the lowest number that works for your situation.  Once you 
have everything under control, the number shouldn't have to be too high, at 
least this has been my experience.  I only raise the number when having a 
"situation", and then lower it back down once things are calmed down.

And yes, I did mean to rmmod ip_conntack, when I mentioned dropping 
ip_conntrack.  Although, this tends to require dropping a few other modules 
as well, and also tends to require stopping iptables while you do so. (due to 
some of the modules that you have to remove.)  Which is why it is not the 
best solution for all situations....

NH

On Monday 27 October 2003 2:52 pm, Warren P wrote:
> hi
>
> WRT echo ## > /proc/net/ip_conntrack
>
> Considering i've got 1gig of RAM ... what is a safe value i
> can set ip_conntrack_max to? The current value is 65528
>
> Also when you refer to dropping ip_conntrack ... do mean
> like rmmod ip_conntrack.o?
>
> Regards,
> Warren P
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE/nXtqb58ZIoF+byQRAgbWAKCOgeguwsDsDnvsH/8MHx5BTwKuSQCffJ+t
fcgUdKA6Npi/VyhejhJegOE=
=Th5c
-----END PGP SIGNATURE-----




[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux