
Re: iptables - conntrack and ip_conntrack_max



On Wed, Aug 15, 2012 at 6:09 PM, Sladjan Ri <sladjanri@gmail.com> wrote:
>
> I am successfully loading the conntrack module with an option:
> nf_conntrack hashsize=2097152
>
> My problem is that I can't seem to define
> '/proc/sys/net/ipv4/netfilter/ip_conntrack_max' or
> '/proc/sys/net/netfilter/nf_conntrack_max'.
>
> I tried adding a line to /etc/sysctl.d/local.conf:
> net.ipv4.netfilter.ip_conntrack_max = 2097152 (or the other path)
>
> I also tried adding a line to /etc/rc.local:
> echo 2097152 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
>
> Both won't work, instead ip_conntrack_max or nf_conntrack_max seem to
> be determined by some formula using hashsize. In my case it is set to
> 16777216.
>
> I still can set the value using either 'sysctl -p /etc/sysctl.d/local.conf' or
> 'echo 2097152 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max' after I
> log in as root.

Try adding "nf_conntrack" to "/etc/modules".
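
A check that can be run after a reboot to see whether the limit from the thread actually took effect, as an added example that is not part of the original messages: it compares the conntrack limit requested in a sysctl file with the live value and reports when the key does not exist. The function name `conntrack_max_status` and the overridable proc root are assumptions made for this example.

```shell
#!/bin/sh
# Added example: compare the conntrack limit requested in a sysctl file
# with the live value. The proc root is a parameter (an assumption made
# here) so the check can run against a constructed tree, not only /proc.

# Usage: conntrack_max_status CONF [PROC_ROOT]
# Prints ok / mismatch / missing / unset; returns 0 only for ok.
conntrack_max_status() {
    conf=$1
    root=${2:-/proc}
    # Accept either key named in the thread; the last assignment wins.
    line=$(grep -E '^[[:space:]]*net\.(ipv4\.netfilter\.ip|netfilter\.nf)_conntrack_max[[:space:]]*=' "$conf" | tail -n 1)
    if [ -z "$line" ]; then
        echo "unset"
        return 3
    fi
    key=$(printf '%s' "$line" | cut -d= -f1 | tr -d '[:space:]')
    want=$(printf '%s' "$line" | cut -d= -f2 | tr -d '[:space:]')
    path="$root/sys/$(printf '%s' "$key" | tr . /)"
    if [ ! -r "$path" ]; then
        # No such key: the module that provides it is not loaded.
        echo "missing $key"
        return 2
    fi
    live=$(tr -d '[:space:]' < "$path")
    if [ "$live" != "$want" ]; then
        echo "mismatch $key want=$want live=$live"
        return 1
    fi
    echo "ok $key=$live"
}

# Constructed demo tree reproducing the numbers quoted in the thread.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/proc/sys/net/netfilter"
    echo 16777216 > "$d/proc/sys/net/netfilter/nf_conntrack_max"
    echo 'net.netfilter.nf_conntrack_max = 2097152' > "$d/local.conf"
    conntrack_max_status "$d/local.conf" "$d/proc" || true
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

On a real host, call it as `conntrack_max_status /etc/sysctl.d/local.conf`; a `missing` result means the key did not exist when the check ran, and `mismatch` means another value is in effect.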

