Fedora Linux Support Community & Resources Center
  #1  
Old 17th December 2008, 12:13 AM
wuhaa Offline
Registered User
 
Join Date: Dec 2008
Posts: 3
Disabling netfilter on fedora 10

Hi,

I have a fedora 10 server set as a router. I want to disable the netfilter as it is causing the server to slow down and the soft-irqs are going really high. The /var/log/messages is showing the following:

Code:
Dec 16 05:13:18 router kernel: __ratelimit: 7 callbacks suppressed
Dec 16 05:13:18 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:18 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:18 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:19 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:19 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:19 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:20 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:20 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:20 router kernel: nf_conntrack: table full, dropping packet.
Dec 16 05:13:20 router kernel: nf_conntrack: table full, dropping packet.
The firewall is disabled and the and the kernel limits have been set in sysctl.conf:

Code:
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
I have tried to set the limit of the nf_conntrack higher, but as i set the limit higher, the table is being populated even more. The current limit is:

Code:
net.core.netdev_max_backlog = 250000
net.nf_conntrack_max = 1950000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_acct = 0
Now, is there a way to completely disable the netfilter or ip_conntrack. Also its worth noting that there is no module for ip_conntrack in fc10. It seems to be compiled into the kernel...

Thanks in advance...
Reply With Quote
Reply

Tags
netfilter ip_conntrack

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Ipv6 netfilter fazzeta Servers & Networking 0 29th October 2008 02:00 AM
VPN passing through netfilter?? Zotter Servers & Networking 1 15th October 2007 08:42 PM
Netfilter vs IPTables... ACCP-James Installation, Upgrades and Live Media 2 22nd March 2007 06:02 AM
netfilter iptables ryanclaw Servers & Networking 3 16th May 2005 03:54 PM
iptables Netfilter nocolour Using Fedora 1 21st August 2004 11:02 AM


Current GMT-time: 12:02 (Saturday, 24-06-2017)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat