nf_conntrack

lin.kh at wicam.com.kh lin.kh at wicam.com.kh
Fri Apr 4 03:32:32 UTC 2008 

Thanks,

There are a lot of them:

-----------
[root]# ls /proc/sys/net/netfilter/
nf_conntrack_buckets
nf_conntrack_tcp_timeout_fin_wait
nf_conntrack_checksum
nf_conntrack_log_invalid
nf_conntrack_tcp_timeout_last_ack
nf_conntrack_count
nf_conntrack_max
nf_conntrack_tcp_timeout_max_retrans
nf_conntrack_expect_max
nf_conntrack_tcp_be_liberal
nf_conntrack_tcp_timeout_syn_recv
nf_conntrack_tcp_loose
nf_conntrack_tcp_timeout_syn_sent
nf_conntrack_tcp_max_retrans
nf_conntrack_tcp_timeout_time_wait
nf_conntrack_tcp_timeout_close
nf_conntrack_udp_timeout
nf_conntrack_generic_timeout
nf_conntrack_tcp_timeout_close_wait
nf_conntrack_udp_timeout_stream
nf_conntrack_icmp_timeout
nf_conntrack_tcp_timeout_established
------------

Which ones of them can i set to eliminate this error i have:

"kernel: nf_conntrack: table full, dropping packet" ?

Please, a hint or pointer would be much appreciated? I'm now using Fedora
8 and Squid with around 1000 users; i had no problem with previous
versions of Fedora when ip_conntrack was used -- i simply set
ip_conntrack_max = 32768.

Thanks,
Khem

> Please have a look at /proc/sys/net/netfilter/
>
> Thomas
>
> Khemera Lin wrote:
>> Dear All,
>>
>>
>>
>> What is the difference between ip_conntrack and nf_conntrack. I could
>> set ip_conntrack in /etc/systcl.conf before but now I could not. Then, I
>> thought, maybe it was changed to nf_conntrack and I also tried to set
>> nf_conntrack, nf_conntrack_max in the file but it still did not work.
>>
>>
>>
>> Could someone guide me to the use of nf_conntrack related parameters? Or
>> can I still set ip_conntrack somewhere?
>>
>>
>>
>> Here is all I could find in /proc:
>>
>>
>>
>> # ls /proc/net/nf_conntrack*
>>
>> /proc/net/nf_conntrack  /proc/net/nf_conntrack_expect
>>
>>
>>
>> Regards,
>>
>> Khem
>>
>
>
> --
> Thomas Woerner
> Software Engineer            Phone: +49-711-96437-310
> Red Hat GmbH                 Fax  : +49-711-96437-111
> Hauptstaetterstr. 58         Email: Thomas Woerner <twoerner at redhat.com>
> D-70178 Stuttgart            Web  : http://www.redhat.de/
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>

More information about the fedora-list mailing list