[lvs-users] IPVS/DR ip_conntrack: table full, dropping packet at squid server

Graeme Fowler graeme at graemef.net
Wed Jun 13 09:06:27 BST 2007


On Wed, 2007-06-13 at 10:22 +0700, Wiboon Warasittichai wrote:
> After I asked you how to work around the ip_conntrack table being full, I 
> tried the suggestion to use NOTRACK on the squid box for port 3128. The number 
> of ip_conntrack connections still increases up to the maximum limit.

...that usage of port 3128 was an example. Looking back, I see you're
using port 8080. It would really help if you'd actually said that
instead of burying it in some output!

Try it again, but with 8080 instead.

> I found a trick in a Google search.
> Setting a system config in /etc/sysctl.conf with
> net.ipv4.netfilter.ip_conntrack_tcp_loose = 0
> will drop all packets like I mentioned above.

Erm... I'm not sure that will do what you need it to. I'm not sure, in
fact, what that does!

If you try the NOQUEUE target again with *your configuration*, not my
example, then see what it does.

Graeme
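
The following is an added example, not part of Graeme's message or the original thread: a shell sketch of NOTRACK rules for the proxy port 8080 named above, plus a check of how full the conntrack table is. It assumes the rules belong in the raw table on the squid real server; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print an iptables-restore fragment that exempts the proxy's listening
# port from connection tracking in both directions. Only traffic on that
# port is exempted; the proxy's own outbound fetches are still tracked.
# (Newer iptables releases spell the target "-j CT --notrack".)
notrack_rules() {
    port=$1
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    printf '%s\n' '*raw' \
        "-A PREROUTING -p tcp --dport $port -j NOTRACK" \
        "-A OUTPUT -p tcp --sport $port -j NOTRACK" \
        'COMMIT'
}

# Percentage of the conntrack table in use, given count and max.
conntrack_pct() {
    [ "$2" -gt 0 ] || return 1
    echo $(( $1 * 100 / $2 ))
}

# Read count/max from whichever sysctl tree this kernel exposes
# (nf_conntrack on current kernels, ip_conntrack on 2.6-era ones).
conntrack_status() {
    for base in /proc/sys/net/netfilter/nf_conntrack \
                /proc/sys/net/ipv4/netfilter/ip_conntrack; do
        if [ -r "${base}_count" ] && [ -r "${base}_max" ]; then
            c=$(cat "${base}_count"); m=$(cat "${base}_max")
            echo "$c/$m ($(conntrack_pct "$c" "$m")%)"
            return 0
        fi
    done
    echo "conntrack sysctls not present"
}

# Usage: script rules 8080 | iptables-restore --noflush ; script status
case "${1:-}" in
    rules)  notrack_rules "${2:-8080}" ;;
    status) conntrack_status ;;
esac
```

If the count reported by the status call keeps climbing after the rules are loaded, the tracked entries are coming from traffic the two rules do not match.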


