On Wed, 5 Dec 2007, Corin Langosch wrote:
> Krzysztof Oledzki schrieb:
>>
>>
>> On Tue, 4 Dec 2007, Corin Langosch wrote:
>>
>>> hi marc,
>>>
>>> yes, netfilter with conntrack is running. I saw errors some weeks ago, but
>>> i fixed them with:
>>>
>>> echo "Tuning network settings according to haproxy..."
>>> echo 1048576 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
>>
>> Never do that! Instead, increase the hashsize and {ip,nf}_conntrack_max is
>> going to be calculated automatically based on this value. If you have a
>> recent 2.6 kernel with conntrack compiled into the kernel all you need to
>> setup is a "ip_conntrack.hashsize=262144" kernel parameter.
>>
>> BTW: which kernel version are you you using?
>>
>> Best regards,
>>
>> Krzysztof Olędzki
>>
>> PS: Plase don't toppost.
> thank's for the advice, I now do it with
> echo 262144 > /sys/module/nf_conntrack/parameters/hashsize
>
> i used to use the standard debian kernel 2.6.22-2-vserver-amd64, but now i
> upgraded to 2.6.22-3-vserver-amd64 because of your advice.
Please make sure 2.6.22-3-vserver-amd64 contains all required fixes
backported. What you need here is:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.22.y.git;a=commitdiff_plain;h=5263c68d8f067f8bc4f6dd8bfb4ceb547d60fe7c
and
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.22.y.git;a=commitdiff_plain;h=dec0da2c0b439daf394957660e62824987f9b021
Best regards,
Krzysztof Olędzki Received on 2007/12/05 19:45
This archive was generated by hypermail 2.2.0 : 2007/12/05 20:00 CET