Increasing ip_conntrack_max
Jeff
jeff at virgin.net
Thu Sep 8 19:10:56 UTC 2005
Ben Tyler wrote:
>I've been looking for information regarding increasing
>the value of "/proc/sys/net/ipv4/ip_conntrack_max" on
>my RHEL3 box running iptables/ip_masq. Any pointers
>would be greatly appreciated.
>
>I see about 200 lines of "kernel: ip_conntrack: table
>full, dropping packet." in /var/log/messages each day.
>
>The machine has 1GB of ram and performs no other
>functions. Its current memory usage (less
>buffers/cache) is about 150MB.
>
>The current value of ip_conntrack_max which was set by
>the RHEL installer is 65016. Can I increase this
>value? If so how much?
>
>Is there a better way to monitor the current number of
>connections being tracked than `cat
>/proc/net/ip_conntrack | wc -l` which takes about 30
>seconds with this many connections.
>
>Are there any other parameters I can increase to help
>the performance of a system that only does ip_masq?
>
>Thanks,
>Ben
>
I had similar problems on my home firewall box running RH9. It was a
really old, low spec PC (P266, 256MB RAM I think). I just kept increasing
the ip_conntrack_max value until I stopped seeing entries in the logs.
Not an exact figure but I probably increased the value by 1000 times its
default setting with no adverse effects - I just kept adding another
zero to the current setting until I stopped seeing errors ;). I wouldn't
recommend doing this on a production server but if it's a home system or
a non-important box then it may be worth a try. Once you have a good
value make sure you create an init script so the setting is changed on
every reboot.

FYI, to increase the value just
`echo new_value > /proc/sys/net/ipv4/ip_conntrack_max`. It's not kept in
a config file anywhere, the kernel sets it on boot depending on your
amount of RAM.
If the box is doing nothing else then you should be able to increase the
value significantly - the gurus should be able to give a better idea
what's a 'safe' value.
Hope this helps
Jeff
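
Added example, not part of the original post or of either poster's setup: shell functions that count the "table full, dropping packet" log lines per day and compute table utilisation from a count file and a max file, so the effect of a new ip_conntrack_max can be checked without walking /proc/net/ip_conntrack. The function names, the sample log and the count-file path are assumptions; later kernels expose /proc/sys/net/netfilter/nf_conntrack_count and nf_conntrack_max, and whichever pair your kernel provides is passed in as arguments.

```shell
#!/bin/sh
# Added example. All names below are hypothetical helpers, not an existing tool.

# Constructed sample of /var/log/messages lines (not real log data).
sample_log() {
    cat <<'EOF'
Sep  7 23:59:01 fw kernel: ip_conntrack: table full, dropping packet.
Sep  8 00:00:14 fw kernel: ip_conntrack: table full, dropping packet.
Sep  8 09:12:40 fw sshd[412]: session opened for user root
Sep  8 19:10:02 fw kernel: ip_conntrack: table full, dropping packet.
EOF
}

# Print "Mon DD count" for each day that logged conntrack drops.
# Matches the ip_conntrack prefix and the nf_conntrack prefix of later kernels.
drops_per_day() {
    awk '/(ip|nf)_conntrack: table full, dropping packet/ {
             key = $1 " " $2
             if (!(key in n)) order[++days] = key
             n[key]++
         }
         END { for (i = 1; i <= days; i++) print order[i], n[order[i]] }' "$1"
}

# Print utilisation as an integer percentage.
# $1 = file holding the current entry count, $2 = file holding the maximum.
# Returns 2 if either file is unreadable or does not hold a positive integer.
conntrack_pct() {
    count=$(cat "$1" 2>/dev/null) || return 2
    max=$(cat "$2" 2>/dev/null) || return 2
    for v in "$count" "$max"; do
        case "$v" in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$max" -gt 0 ] || return 2
    echo $(( count * 100 / max ))
}

# Return 0 when utilisation is at or above $3 percent, 1 when below, 2 on error.
conntrack_near_full() {
    pct=$(conntrack_pct "$1" "$2") || return 2
    [ "$pct" -ge "$3" ]
}

# Typical use from cron on a kernel that exposes the nf_conntrack files:
#   conntrack_near_full /proc/sys/net/netfilter/nf_conntrack_count \
#       /proc/sys/net/netfilter/nf_conntrack_max 80 && logger "conntrack above 80%"
```

Reading the single count file is constant-time, unlike listing every tracked connection, and the per-day drop count shows whether a raised limit actually stopped the drops.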