Thread: ip_conntrack issues.
Apr 4, 2005, 06:58 #1
I currently use APF for a firewall solution on a very busy server.
After some time I start getting the following error in /var/log/messages:
Apr 4 08:24:08 XXXXXXX kernel: ip_conntrack: table full, dropping packet.
I searched Google and from what I understand this file is used to limit the number of IP connections to the server.
To remedy this issue I simply increase the number of connections allowed by running:
echo "220000" > /proc/sys/net/ipv4/ip_conntrack_max
This works fine for a while, but after an undetermined amount of time it seems to "reset" itself to the lower number.
I poked around the /etc/apf directory and found an entry in sysctl.rules:
if [ "$SYSCTL_CONNTRACK" == "" ]; then
        # shell assignment: no spaces around "=", otherwise the line is run as a command
        SYSCTL_CONNTRACK="220000"
fi
I was thinking that APF maybe refreshes after so long, so I changed the number to the one listed above.
The server was unresponsive in the morning and to fix it I had to increase the value of ip_conntrack_max again (it was reset back to the default value).
Any ideas how I can remedy this on a permanent basis?
Thanks in advance.
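The post above sets ip_conntrack_max by writing to /proc, which only lasts until something else (a firewall restart, a reboot, a sysctl reload) writes it back. The script below is an added example, not code from the original post or from APF, showing how to check how full the table is and how to persist the limit in a sysctl.conf-style file so that it survives a restart. It assumes a 2.6-era kernel where the limit lives at /proc/sys/net/ipv4/ip_conntrack_max and the live count at /proc/sys/net/ipv4/netfilter/ip_conntrack_count; on newer kernels the same knobs are net.netfilter.nf_conntrack_max and nf_conntrack_count, so both paths are tried. The configuration file path and the sample numbers (220000 and 209000) are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post or from APF): inspect the
# conntrack table and persist its size limit. Every function takes its
# inputs as arguments so the logic can be exercised against a fake
# /proc tree and a temporary config file.

# Pick whichever conntrack sysctl this kernel exposes. $1 is the proc
# root (default /proc/sys); prints the sysctl key name or fails.
conntrack_max_key() {
    root="${1:-/proc/sys}"
    if [ -f "$root/net/ipv4/ip_conntrack_max" ]; then
        echo "net.ipv4.ip_conntrack_max"          # ip_conntrack module (2.6 era)
    elif [ -f "$root/net/netfilter/nf_conntrack_max" ]; then
        echo "net.netfilter.nf_conntrack_max"     # nf_conntrack on newer kernels
    else
        return 1
    fi
}

# Path of the live entry counter that pairs with the key above.
conntrack_count_file() {
    root="${1:-/proc/sys}"
    case "$2" in
        net.ipv4.ip_conntrack_max)     echo "$root/net/ipv4/netfilter/ip_conntrack_count" ;;
        net.netfilter.nf_conntrack_max) echo "$root/net/netfilter/nf_conntrack_count" ;;
        *) return 1 ;;
    esac
}

# Percentage of the table in use, given the max and the current count.
# "table full, dropping packet" appears once this reaches 100.
conntrack_usage_pct() {
    max="$1"; count="$2"
    [ "$max" -gt 0 ] || return 1
    echo $(( count * 100 / max ))
}

# Persist "key = value" in a sysctl.conf-style file: replace an existing
# line for the key or append one. Idempotent, so it is safe to call from
# a cron job or from whatever hook reloads the firewall.
persist_sysctl() {
    key="$1"; value="$2"; conf="$3"
    esc=$(printf '%s' "$key" | sed 's/\./\\./g')   # literal dots in the regex
    [ -f "$conf" ] || : > "$conf"
    if grep -q "^[[:space:]]*$esc[[:space:]]*=" "$conf"; then
        # sed -i is not POSIX; write a temp file and move it into place
        sed "s|^[[:space:]]*$esc[[:space:]]*=.*|$key = $value|" "$conf" > "$conf.tmp" \
            && mv "$conf.tmp" "$conf"
    else
        echo "$key = $value" >> "$conf"
    fi
}

# Value currently persisted for a key (last match wins, empty if none).
persisted_value() {
    key="$1"; conf="$2"
    esc=$(printf '%s' "$key" | sed 's/\./\\./g')
    sed -n "s|^[[:space:]]*$esc[[:space:]]*=[[:space:]]*||p" "$conf" | tail -n 1
}

# Stand-alone use: report live usage and persist the limit in
# /etc/sysctl.conf (assumed path; adjust to taste). Does nothing on a
# machine without a conntrack module loaded.
if key=$(conntrack_max_key); then
    max=$(cat "/proc/sys/$(echo "$key" | tr . /)")
    countfile=$(conntrack_count_file /proc/sys "$key")
    count=$(cat "$countfile" 2>/dev/null || echo 0)
    echo "$key=$max in use: $count ($(conntrack_usage_pct "$max" "$count")%)"
    [ "$(id -u)" -eq 0 ] && persist_sysctl "$key" "$max" /etc/sysctl.conf
fi
```

Persisting the value in sysctl.conf covers reboots and `sysctl -p`, but it does not stop a firewall script that writes its own value to /proc after start-up; the config file that script reads still has to agree with the limit you want, and the usage percentage is worth graphing so the table is grown before it fills rather than after packets are dropped.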