Dealing with "nf_conntrack: table full, dropping packet"
date
Jan 29, 2022
Problem & Summary
- journalctl -xe showed many of these messages
- sysctl -a | grep conntrack
- sysctl -a | grep conntrack | grep max
# check the maximum value with the following command
cat /proc/sys/net/nf_conntrack_max
# check the number of connections in the conntrack table with the following command
cat /proc/sys/net/netfilter/nf_conntrack_count
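
The two counters read above can be combined into a usage check that warns before the table fills and packets start being dropped. This is an added example, not part of the original post; the `CT_DIR` override, the function names and the 80/95 percent thresholds are assumptions.

```shell
#!/bin/sh
# Added example: conntrack table usage from nf_conntrack_count / nf_conntrack_max.
# CT_DIR is a hypothetical override so the functions can be pointed at sample files.
CT_DIR="${CT_DIR:-/proc/sys/net/netfilter}"

# Print table usage as an integer percentage (count * 100 / max).
# Returns 3 when the counters are missing or not numeric.
conntrack_usage() {
    count_file="$CT_DIR/nf_conntrack_count"
    max_file="$CT_DIR/nf_conntrack_max"
    # The files only exist once the nf_conntrack module is loaded.
    [ -r "$count_file" ] && [ -r "$max_file" ] || return 3
    count=$(cat "$count_file")
    max=$(cat "$max_file")
    # Reject empty or non-numeric values before doing arithmetic.
    for v in "$count" "$max"; do
        case "$v" in ''|*[!0-9]*) return 3 ;; esac
    done
    [ "$max" -gt 0 ] || return 3
    echo $(( count * 100 / max ))
}

# Compare usage with warning and critical thresholds (assumed defaults 80 and 95).
# Exit status: 0 ok, 1 warning, 2 critical, 3 counters unavailable.
conntrack_check() {
    warn="${1:-80}"
    crit="${2:-95}"
    pct=$(conntrack_usage) || return 3
    echo "conntrack usage: ${pct}% (warn ${warn}%, crit ${crit}%)"
    [ "$pct" -ge "$crit" ] && return 2
    [ "$pct" -ge "$warn" ] && return 1
    return 0
}
```

Source the file and call `conntrack_check 80 95` from a monitoring job; the exit status follows the usual ok/warning/critical convention of monitoring plugins.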
Solution
vim /etc/sysctl.conf
# then add the following
# to make the change permanent
# edit the kernel configuration file (/etc/sysctl.conf)
net.netfilter.nf_conntrack_max=100000
net.netfilter.nf_conntrack_tcp_timeout_established=300
net.netfilter.nf_conntrack_tcp_timeout_time_wait=30
# I did not change these
net.nf_conntrack_max=100000
net.netfilter.nf_conntrack_tcp_timeout_fin_wait=30
net.netfilter.nf_conntrack_tcp_timeout_close_wait=15
# to apply the settings in the configuration file immediately:
sudo sysctl -p /etc/sysctl.conf
# if necessary, add this in crontab -e
@reboot sleep 10; /sbin/sysctl -p /etc/sysctl.conf