On 25 July 2017 at 16:32, PATEL, SAMEER <sameer.patel@xxxxxxxxxxx> wrote:
> Hi,
>
> I'm having some problems with the following configuration:
>
> - Two firewalls in a master-backup configuration managed by keepalived
> - A single dedicated link between the two firewalls managed by conntrackd
>
> Now, if I make around 30000 connections between a computer and a server
> behind the firewall, and the master firewall fails, then conntrackd exits
> (or perhaps crashes). I don't think this is an out-of-memory issue because
> conntrackd didn't have the highest OOM score before it failed. Also, I
> watched memory usage while this was going on and there seemed to be plenty.
>
> Is there some tweak or configuration parameter that enables support for
> large numbers of connections? Any insights into this issue would be greatly
> appreciated.
>

Could you share which versions you are running, of both the kernel and
conntrackd (and libnetfilter-conntrackd)?

Did you look at the logs? Usually /var/log/conntrackd.log. If conntrackd is
hitting some errors, for example, failed to commit some entries, then some
log lines should be there.