Commit 744ec52e authored by Leigh B Stoller's avatar Leigh B Stoller

nf_conntrack changes to avoid overflowing NAT table.

parent 8311c7f3
......@@ -554,6 +554,17 @@ sub vz_rootPreConfig($)
TBScriptUnlock();
return -1;
}
#
# Need these to avoid overflowing the NAT tables.
#
mysystem("sysctl -w ".
" net.netfilter.nf_conntrack_generic_timeout=120");
mysystem("sysctl -w ".
" net.netfilter.nf_conntrack_tcp_timeout_established=54000");
mysystem("sysctl -w ".
" net.netfilter.nf_conntrack_max=131071");
mysystem("echo 16384 > /sys/module/nf_conntrack/parameters/hashsize");
mysystem("touch /var/run/openvz.ready");
TBScriptUnlock();
return 0;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment