VMmanager: Administrator guide

How to change netfilter parameters?

As of version 4.9.0, VMmanager automatically changes the settings of the built-in netfilter firewall when a new cluster node is connected. In particular, VMmanager increases the values of the net.nf_conntrack_max and net.netfilter.nf_conntrack_max parameters, which control the maximum number of network connections, to 1048576. This helps to avoid errors such as "nf_conntrack: table full, dropping packet", which cause the loss of network packets.

To change these parameters on the connected cluster nodes manually:

  1. Connect to the server with VMmanager via SSH.
  2. Enable the ip_conntrack module:

    modprobe ip_conntrack
  3. Set the new value of the net.netfilter.nf_conntrack_max parameter. We recommend increasing this value to 1048576:

    echo "net.netfilter.nf_conntrack_max=1048576" >> /etc/sysctl.conf
  4. To apply the settings, execute the command:

    sysctl -p
  5. Check that the parameters have been changed:

    sysctl -a | grep conntrack_max

    The response to the command should look as follows:

    net.netfilter.nf_conntrack_max = 1048576
    net.nf_conntrack_max = 1048576
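
Step 3 appends with >>, so repeating the procedure leaves several assignments of the same key in /etc/sysctl.conf. The script below is an added example, not part of the original guide or ISPsystem code (the function names are assumptions): it persists the value exactly once and reports how full the connection-tracking table is, using the standard counters under /proc/sys/net/netfilter.

```shell
#!/bin/sh
# Added example, not ISPsystem code. Function names are assumptions.

# set_sysctl_key FILE KEY VALUE
# Keep exactly one KEY=VALUE assignment in FILE: the first existing
# assignment is rewritten, later duplicates are dropped, and the line is
# appended if the key is absent. Commented-out lines are left untouched.
set_sysctl_key() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        {
            name = $0
            sub(/^[ \t]+/, "", name)      # strip leading whitespace
            sub(/[ \t]*=.*$/, "", name)   # keep only the text before "="
            if (index($0, "=") && name == k) {
                if (!seen) { print k "=" v; seen = 1 }
                next
            }
            print
        }
        END { if (!seen) print k "=" v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# conntrack_usage_pct [DIR]
# Print connection-tracking table usage as an integer percentage, read
# from DIR/nf_conntrack_count and DIR/nf_conntrack_max.
conntrack_usage_pct() {
    dir=${1:-/proc/sys/net/netfilter}
    count=$(cat "$dir/nf_conntrack_count") || return 1
    max=$(cat "$dir/nf_conntrack_max") || return 1
    [ "$max" -gt 0 ] || return 1
    echo $(( count * 100 / max ))
}

# On a node, as root:
#   set_sysctl_key /etc/sysctl.conf net.netfilter.nf_conntrack_max 1048576 && sysctl -p
#   conntrack_usage_pct
```

A usage percentage that stays close to 100 under normal load means the "table full, dropping packet" error is likely to return even with the raised limit.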

The article was last updated on 10.27.2022. The article was prepared by technical writers of ISPsystem.