Commit 686c632e authored by Leigh B Stoller's avatar Leigh B Stoller

Set a couple of nf_conntrack variables to avoid overflowing NAT

tables.
parent 2c8209ca
......@@ -511,6 +511,18 @@ sub rootPreConfig($)
TBScriptUnlock();
return -1;
}
#
# Need these to avoid overflowing the NAT tables.
#
mysystem("$SYSCTL -w ".
" net.ipv4.netfilter.ip_conntrack_generic_timeout=120");
mysystem("$SYSCTL -w ".
" net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=54000");
mysystem("$SYSCTL -w ".
" net.netfilter.nf_conntrack_max=131071");
mysystem("echo 16384 > /sys/module/nf_conntrack/parameters/hashsize");
mysystem("touch /var/run/xen.ready");
TBScriptUnlock();
return 0;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment