nat table full but nf_conntrack_max is being reset by ...?

[Adrian Holte]

Hi all,

following problem:

the conntrack table on the proxmox v4 instances is getting full, with all the typical sympthoms like

"
[ 3414.977914] nf_conntrack: table full, dropping packet
[ 3414.977952] nf_conntrack: table full, dropping packet
[ 3414.977989] nf_conntrack: table full, dropping packet
[ 3414.978026] nf_conntrack: table full, dropping packet
[ 3414.978063] nf_conntrack: table full, dropping packet
[ 3420.196220] net_ratelimit: 271 callbacks suppressed
[ 3420.196256] nf_conntrack: table full, dropping packet
[ 3420.196296] nf_conntrack: table full, dropping packet
[ 3420.196349] nf_conntrack: table full, dropping packet
[ 3420.196388] nf_conntrack: table full, dropping packet
[ 3420.197424] nf_conntrack: table full, dropping packet
[ 3420.197466] nf_conntrack: table full, dropping packet
[ 3420.198579] nf_conntrack: table full, dropping packet
[ 3420.198642] nf_conntrack: table full, dropping packet
[ 3420.198683] nf_conntrack: table full, dropping packet
[ 3420.199286] nf_conntrack: table full, dropping packet
"

messages, connectivity problems etc.

I know what is to do in such cases, 've done many times before.
But.

Here, on the proxmox-server, when i do set the nf_conntrack_max values using

sysctl -w net.netfilter.nf_conntrack_max=300000

the value is BEING RESET several seconds later back to the default of 65536.

Question is - by which of the Proxmox services is it done???
PVE-Firewall, would be my assumption.

Then, how can it be "persisted"??

Thanks a lot!

Greetings

 

[wbumiller]

If you use the PVE firewall then it's controlled by that, too.
Check: Datacenter => $YourNode => Firewall => Options => nf_conntrack_max

 

[Adrian Holte]

well, if i turn off the "pve-firewall" and change the value, then it remains untouched.

so it's definitely the "pve-firewall"s "fault".

will try to find out how to circumvent or to configure it..

 

[Adrian Holte]

ah

thx for the reply.

 

[Adrian Holte]

great, works

[SOLVED]