Hi all,
following problem:
the conntrack table on the Proxmox v4 instances is getting full, with all the typical symptoms like
"
[ 3414.977914] nf_conntrack: table full, dropping packet
[ 3414.977952] nf_conntrack: table full, dropping packet
[ 3414.977989] nf_conntrack: table full, dropping packet
[ 3414.978026] nf_conntrack: table full, dropping packet
[ 3414.978063] nf_conntrack: table full, dropping packet
[ 3420.196220] net_ratelimit: 271 callbacks suppressed
[ 3420.196256] nf_conntrack: table full, dropping packet
[ 3420.196296] nf_conntrack: table full, dropping packet
[ 3420.196349] nf_conntrack: table full, dropping packet
[ 3420.196388] nf_conntrack: table full, dropping packet
[ 3420.197424] nf_conntrack: table full, dropping packet
[ 3420.197466] nf_conntrack: table full, dropping packet
[ 3420.198579] nf_conntrack: table full, dropping packet
[ 3420.198642] nf_conntrack: table full, dropping packet
[ 3420.198683] nf_conntrack: table full, dropping packet
[ 3420.199286] nf_conntrack: table full, dropping packet
"
messages, connectivity problems etc.
I know what to do in such cases, I've done it many times before.
But.
Here, on the Proxmox server, when I set the nf_conntrack_max value using
sysctl -w net.netfilter.nf_conntrack_max=300000
the value is BEING RESET several seconds later back to the default of 65536.
Question is - by which of the Proxmox services is it done???
PVE-Firewall, would be my assumption.
Then, how can it be "persisted"??
Thanks a lot!
Greetings