2

I have a problem on Ubuntu 10.04.3 LTS x64 with sysctl net.ipv4.netfilter.ip_conntrack_max. If I run this command in a shell, I get back an error:

error: "net.ipv4.netfilter.ip_conntrack_max" is an unknown key.

It occurred on 2 of our machines after a reboot. The sysctl value net.ipv4.netfilter.ip_conntrack_count and all other conntrack-entries are also affected.

This is really problematic because we have a very high load / traffic system and I have written a Nagios script which checks this value, because we had several problems in the past with this value. On other machines I have set the conntrack_max to 196608 to solve any problems, but now I can't set the value on the affected machines. Is there any default value set at the moment?

Does anyone have an idea how to get the two values back on my systems?

Thanks

Khaled
Arny80Hexa

2 Answers

5

You might be missing a module (I think it is nf_conntrack). You should check if you have it on other machines and try to load it (modprobe). If it solves your problem, do not forget to add it to /etc/modules, so it will be loaded at the next reboot.

Hope it helps.

  • Thanks. I have compared 2 servers. One of them works fine and the other one with the nf_conntrack problem. – Arny80Hexa Dec 07 '11 at 12:45
  • The /etc/modules is identical (only 3 entries "loop, lp, rtc") but when I type "lsmod" in the shell, there are serious differences. The defective server displays only 30% of the loaded modules compared to the server where everything is fine. – Arny80Hexa Dec 07 '11 at 12:52
  • Ok, I have solved it. With "modprobe nf_conntrack_ipv4" I have manually added the conntrack module and now everything works fine. But how can it happen that after a reboot so many modules are suddenly not loaded? – Arny80Hexa Dec 07 '11 at 13:02
  • I can only assume that there was some upgrade (kernel probably) and the modules were not loaded at boot time. I suggest rebooting the server with problems to see if the modules are loaded correctly. – Razvan Stefanescu Dec 07 '11 at 14:59
4
  1. modprobe ip_conntrack
  2. lsmod | grep conn -- if you see entries it means modules have been loaded correctly
  3. sysctl -w -- to write the changes you made under /etc/sysctl.conf
  4. sysctl -p -- to view the changes and see if it was actually loaded.

That is all you need

Kevin Nguyen
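The failure in this thread, where the conntrack keys vanish because the module is not loaded, is a case a monitoring check should report explicitly. The following is an added example, not the asker's Nagios script: a POSIX shell check that returns UNKNOWN when the keys are missing. The function names, the ROOT parameter, the 80/90 default thresholds and the `make_sample` helper are assumptions of this example.

```shell
#!/bin/sh
# Nagios plugin exit codes: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.

# read_key ROOT NAME: print a conntrack value, trying the key
# net.netfilter.nf_conntrack_NAME first and the older key
# net.ipv4.netfilter.ip_conntrack_NAME (the one in the question) second.
read_key() {
    for f in "$1/net/netfilter/nf_conntrack_$2" \
             "$1/net/ipv4/netfilter/ip_conntrack_$2"; do
        if [ -r "$f" ]; then cat "$f"; return 0; fi
    done
    return 1
}

# check_conntrack [ROOT] [WARN_PCT] [CRIT_PCT]
# ROOT defaults to /proc/sys; it is a parameter (an assumption of this
# example) so the check can be pointed at a constructed directory tree.
check_conntrack() {
    root=${1:-/proc/sys}; warn=${2:-80}; crit=${3:-90}
    if ! count=$(read_key "$root" count) || ! max=$(read_key "$root" max); then
        # Failure mode from the question: with the conntrack module unloaded
        # the keys do not exist, so table usage cannot be read at all.
        echo "CONNTRACK UNKNOWN - keys missing, is nf_conntrack_ipv4 loaded?"
        return 3
    fi
    for v in "$count" "$max"; do
        case "$v" in
            ''|*[!0-9]*) echo "CONNTRACK UNKNOWN - bad value '$v'"; return 3 ;;
        esac
    done
    if [ "$max" -eq 0 ]; then echo "CONNTRACK UNKNOWN - max is 0"; return 3; fi
    pct=$(( count * 100 / max ))
    msg="$count/$max entries (${pct}%) | conntrack=$count;;;0;$max"
    if [ "$pct" -ge "$crit" ]; then echo "CONNTRACK CRITICAL - $msg"; return 2; fi
    if [ "$pct" -ge "$warn" ]; then echo "CONNTRACK WARNING - $msg"; return 1; fi
    echo "CONNTRACK OK - $msg"
    return 0
}

# make_sample DIR COUNT MAX: build a constructed tree with the older key names.
make_sample() {
    mkdir -p "$1/net/ipv4/netfilter"
    echo "$2" > "$1/net/ipv4/netfilter/ip_conntrack_count"
    echo "$3" > "$1/net/ipv4/netfilter/ip_conntrack_max"
}

# Act as a plugin only when called with arguments, e.g. ./check.sh /proc/sys 80 90
if [ "$#" -gt 0 ]; then check_conntrack "$@"; exit $?; fi
```

Returning UNKNOWN rather than OK for missing keys means a reboot that drops the module shows up in monitoring instead of reading as an idle connection table.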