If a Linux server handles a large number of connections, you can run into problems with the ip_conntrack iptables module. By default, connection tracking handles only up to a certain number of simultaneous connections. This number depends on your system's maximum memory size.
To View Current Limit:
# sysctl net.ipv4.netfilter.ip_conntrack_max
8192
or
# cat /proc/sys/net/ipv4/ip_conntrack_max
8192
To increase the Limit:
Generally, ip_conntrack_max is set to the total MB of RAM installed multiplied by 16. If you have 2GB of RAM, then ip_conntrack_max is set to 32768.
# sysctl -w net.ipv4.netfilter.ip_conntrack_max=32768
Or add it to /etc/sysctl.conf:
net.ipv4.netfilter.ip_conntrack_max=32768
To View Current Open Sessions:
# wc -l /proc/net/ip_conntrack
2520 /proc/net/ip_conntrack
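The checks above can be combined into one headroom check that compares the number of tracked sessions with the limit and prints the RAM-based suggestion when the table is nearly full. This is an added example, not part of the original post; the function names (suggested_max, usage_pct, check_conntrack, demo), the 80% default threshold and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): conntrack table headroom check.

# Rule of thumb from the post: limit = MB of RAM * 16.
# $1 = meminfo file (normally /proc/meminfo; MemTotal is reported in kB).
suggested_max() {
    awk '/^MemTotal:/ { print int($2 / 1024) * 16 }' "$1"
}

# Percent of the table in use. $1 = table file, $2 = file holding the limit.
usage_pct() {
    entries=$(wc -l < "$1") || return 2
    max=$(cat "$2") || return 2
    [ "$max" -gt 0 ] || return 2
    echo $(( entries * 100 / max ))
}

# Report status. $1 = table, $2 = limit file, $3 = meminfo, $4 = threshold
# in percent (assumed default: 80). Returns 1 at or above the threshold.
check_conntrack() {
    pct=$(usage_pct "$1" "$2") || { echo "ERROR cannot read conntrack files"; return 2; }
    if [ "$pct" -ge "${4:-80}" ]; then
        echo "WARN ${pct}% of conntrack table used; rule-of-thumb max: $(suggested_max "$3")"
        return 1
    fi
    echo "OK ${pct}% of conntrack table used"
}

# Constructed sample data so the example runs offline: 7 tracked entries,
# a limit of 8, and 2 GB of RAM.
demo() {
    d=$(mktemp -d)
    i=0
    while [ "$i" -lt 7 ]; do
        echo "tcp 6 431999 ESTABLISHED (constructed sample entry)"
        i=$((i + 1))
    done > "$d/table"
    echo 8 > "$d/max"
    echo "MemTotal:        2097152 kB" > "$d/meminfo"
    rc=0
    check_conntrack "$d/table" "$d/max" "$d/meminfo" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || true   # the sample data is above the threshold, so WARN is expected
```

On a real host, call check_conntrack /proc/net/ip_conntrack /proc/sys/net/ipv4/ip_conntrack_max /proc/meminfo; on kernels that use nf_conntrack, pass the corresponding nf_conntrack paths instead.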