Re: iptables - conntrack and ip_conntrack_max

[Tom H]

On Wed, Aug 15, 2012 at 6:09 PM, Sladjan Ri <sladja...@gmail.com> wrote:
>
> I am successfully loading the conntrack module with an option:
> nf_conntrack hashsize=2097152
>
> My problem is that I can't seem to define
> '/proc/sys/net/ipv4/netfilter/ip_conntrack_max' or
> '/proc/sys/net/netfilter/nf_conntrack_max'.
>
> I tried adding a line to /etc/sysctl.d/local.conf:
> net.ipv4.netfilter.ip_conntrack_max = 2097152 (or the other path)
>
> I also tried adding a line to /etc/rc.local echo:
> 2097152 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
>
> Both won't work, instead ip_conntrack_max or nf_conntrack_max seem to
> be determined by some formula using hashsize. In my case it is set to
> 16777216.
>
> I still can set the value using either 'sysctl -p /etc/sysctl.d/local.conf' or
> 'echo 2097152 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max' after I
> login as root.

Try adding "nf_conntrack" to "/etc/modules".


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAOdo=sx-o6dtcwrlry1mzwveneca-bjgxzpnucpfw+mumo+...@mail.gmail.com