Hello.
I am trying to modify nf_conntrack options.
In /etc/sysctl.conf I have:
Code:
net.netfilter.nf_conntrack_generic_timeout=60
net.netfilter.nf_conntrack_icmp_timeout=10
#net.netfilter.nf_conntrack_tcp_timeout_close=10
net.netfilter.nf_conntrack_tcp_timeout_close_wait=20
net.netfilter.nf_conntrack_tcp_timeout_established=1800
net.netfilter.nf_conntrack_tcp_timeout_fin_wait=30
#net.netfilter.nf_conntrack_tcp_timeout_last_ack=30
#net.netfilter.nf_conntrack_tcp_timeout_max_retrans=300
net.netfilter.nf_conntrack_tcp_timeout_syn_recv=30
net.netfilter.nf_conntrack_tcp_timeout_syn_sent=60
net.netfilter.nf_conntrack_tcp_timeout_time_wait=60
#net.netfilter.nf_conntrack_tcp_timeout_unacknowledged=300
#net.netfilter.nf_conntrack_udp_timeout=30
net.netfilter.nf_conntrack_udp_timeout_stream=60
And in /etc/network/interfaces I have:
Code:
auto vmbr1
iface vmbr1 inet static
address 192.168.10.1/24
bridge-ports none
bridge-stp off
bridge-fd 0
# give internet to this network
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up echo 60 > /proc/sys/net/netfilter/nf_conntrack_generic_timeout;
post-up echo 10 > /proc/sys/net/netfilter/nf_conntrack_icmp_timeout;
post-up echo 10 > /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_close;
post-up echo 20 > /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_close_wait;
post-up echo 1800 > /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_established;
post-up echo 30 > /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_fin_wait;
post-up echo 30 > /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_last_ack;
post-up echo 300 > /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_max_retrans;
post-up echo 30 > /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_syn_recv;
post-up echo 60 > /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_syn_sent;
post-up echo 60 > /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_time_wait;
post-up echo 300 > /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_unacknowledged;
post-up echo 30 > /proc/sys/net/netfilter/nf_conntrack_udp_timeout;
post-up echo 60 > /proc/sys/net/netfilter/nf_conntrack_udp_timeout_stream;
Every time I restart Proxmox I still get the default values. Why is that?
And why do I get so many nf_conntrack connections?
==> nf_conntrack_count <==
105421
Sometimes I can even have 400.000+ and most of them are ESTABLISHED:
Code:
conntrack -L | cut -d " " -f9 | sort | uniq -c | sort -nr
conntrack v1.4.5 (conntrack-tools): 66510 flow entries have been shown.
46345 ESTABLISHED
6490 TIME_WAIT
5658 SYN_SENT
3834 CLOSE
2101 SYN_RECV
1093 LAST_ACK
949 FIN_WAIT
34 CLOSE_WAIT
I am using the VM for web crawling running a multi-threaded app.
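
A check for the "still get the default values" symptom, added here as an example and not part of the original post: the function reads a sysctl.conf-style file and compares each key with the live value under /proc/sys, so a setting that was overwritten shows up differently from one whose entry does not exist at all. The function name `check_sysctl_drift` and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example. Usage: check_sysctl_drift CONF [PROC_ROOT]
# PROC_ROOT defaults to /proc/sys. Prints one line per setting:
#   OK      live value matches the file
#   DRIFT   live value differs
#   MISSING no such entry (net.netfilter.nf_conntrack_* entries exist only
#           while the nf_conntrack module is loaded)
# Returns 0 only if every setting is OK.
check_sysctl_drift() {
    conf=$1
    root=${2:-/proc/sys}
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $line in
            ''|'#'*|';'*) continue ;;   # blank line or comment
            *=*) ;;                     # key=value, handled below
            *) continue ;;              # anything else is ignored
        esac
        key=$(printf '%s' "${line%%=*}" | sed 's/[[:space:]]*$//')
        want=$(printf '%s' "${line#*=}" | sed 's/^[[:space:]]*//')
        # net.netfilter.x maps to PROC_ROOT/net/netfilter/x
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -e "$path" ]; then
            echo "MISSING $key wanted=$want"
            rc=1
        elif [ "$(cat "$path")" = "$want" ]; then
            echo "OK $key=$want"
        else
            echo "DRIFT $key live=$(cat "$path") wanted=$want"
            rc=1
        fi
    done < "$conf"
    return "$rc"
}

# Demo on a constructed tree (not the live system).
demo=$(mktemp -d)
mkdir -p "$demo/net/netfilter"
echo 432000 > "$demo/net/netfilter/nf_conntrack_tcp_timeout_established"
printf '%s\n' 'net.netfilter.nf_conntrack_tcp_timeout_established=1800' \
    'net.netfilter.nf_conntrack_icmp_timeout=10' > "$demo/sysctl.conf"
check_sysctl_drift "$demo/sysctl.conf" "$demo" || true
rm -rf "$demo"
```

On the host itself, `check_sysctl_drift /etc/sysctl.conf` run after a reboot lists which of the configured timeouts are in effect.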