Increasing ip_conntrack_max
Ben Tyler
bent300 at yahoo.com
Thu Sep 8 15:18:24 UTC 2005
I've been looking for information regarding increasing
the value of "/proc/sys/net/ipv4/ip_conntrack_max" on
my RHEL3 box running iptables/ip_masq. Any pointers
would be greatly appreciated.
I see about 200 lines of "kernel: ip_conntrack: table
full, dropping packet." in /var/log/messages each day.
The machine has 1GB of ram and performs no other
functions. It's current memory usage (less
buffers/cache) is about 150MB.
The current value of ip_conntrack_max which was set by
the RHEL installer is 65016. Can I increase this
value? If so how much?
Is there a better way to monitor the current number of
connections being tracked then `cat
/proc/net/ip_conntrack | wc -l` which takes about 30
seconds with this many connections.
Are there any other parameters I can increase to help
the performance of a system that only does ip_masq?
Thanks,
Ben
______________________________________________________
Click here to donate to the Hurricane Katrina relief effort.
http://store.yahoo.com/redcross-donate3/
More information about the redhat-list
mailing list