Modify

Opened 7 years ago

Closed 7 years ago

Last modified 4 years ago

#8865 closed enhancement (fixed)

nf_conntrack_max and net.netfilter.nf_conntrack_max are not properly set in .37 build.

Reported by: hero18688@… Owned by: developers
Priority: normal Milestone: Barrier Breaker 14.07
Component: kernel Version: Trunk
Keywords: Cc:

Description

I've been building .37 FWs for some ar71xx devices lately.
http://www.right.com.cn/forum/thread-45374-1-1.html
I found that in sysctl -a nf_conntrack_tcp_timeout_established=21600(5 days) is too large. While net.netfilter.nf_conntrack_max=3870 is a little bit small.
And I noticed that 'net.ipv4.netfilter.ip_conntrack_max' is not in .37 'sysctl -a'.Is one of the kernel changes or missing?

Attachments (0)

Change History (4)

comment:1 follow-up: Changed 7 years ago by anonymous

原来兄台也上这里提问啊 你的问题我解决了
try edit /etc/sysctl.conf

kernel.panic=3
net.ipv4.conf.default.arp_ignore=1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.ip_forward=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.tcp_ecn=0
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_keepalive_time=120
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_timestamps=0
net.core.netdev_max_backlog=30
'''net.netfilter.nf_conntrack_checksum=0
net.netfilter.nf_conntrack_max=65535
net.netfilter.nf_conntrack_tcp_timeout_established=3600
net.netfilter.nf_conntrack_udp_timeout=60
net.netfilter.nf_conntrack_udp_timeout_stream=180'''
net.ipv4.netfilter.ip_conntrack_checksum=0
net.ipv4.netfilter.ip_conntrack_max=65535
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
net.ipv4.netfilter.ip_conntrack_udp_timeout=60
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
net.ipv6.conf.all.forwarding=1

# disable bridge firewalling by default
net.bridge.bridge-nf-call-arptables=0
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-iptables=0

comment:2 in reply to: ↑ 1 Changed 7 years ago by anonymous

Replying to anonymous:

原来兄台也上这里提问啊 你的问题我解决了
try edit /etc/sysctl.conf

kernel.panic=3
net.ipv4.conf.default.arp_ignore=1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.ip_forward=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.tcp_ecn=0
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_keepalive_time=120
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_timestamps=0
net.core.netdev_max_backlog=30
'''net.netfilter.nf_conntrack_checksum=0
net.netfilter.nf_conntrack_max=65535
net.netfilter.nf_conntrack_tcp_timeout_established=3600
net.netfilter.nf_conntrack_udp_timeout=60
net.netfilter.nf_conntrack_udp_timeout_stream=180'''
net.ipv4.netfilter.ip_conntrack_checksum=0
net.ipv4.netfilter.ip_conntrack_max=65535
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=3600
net.ipv4.netfilter.ip_conntrack_udp_timeout=60
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
net.ipv6.conf.all.forwarding=1

# disable bridge firewalling by default
net.bridge.bridge-nf-call-arptables=0
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-iptables=0

I'm suggesting the developers to alter the setting not asking.I known that we can set this by ourself.But many normal user don't know how to set.

comment:3 Changed 7 years ago by nbd

  • Resolution set to fixed
  • Status changed from new to closed

fixed in r26204

comment:4 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.