As of version 4.9.0, VMmanager automatically changes the settings of the netfilter built-in firewall when a new cluster node is connected. In particular, VMmanager increases the values of net.nf_conntrack_max and net.netfilter.nf_conntrack_max parameters controlling the maximum number of network connections to 1048576. This helps to avoid errors similar to nf_conntrack: table full, dropping packet causing the loss of network packets.
To change these parameters on the connected cluster nodes manually:
- Connect to the server with VMmanager via SSH.
-
Enable ip_conntrack module:
modprobe ip_conntrack -
Set the new value of the parameter net.netfilter.nf_conntrack_max. We recommend to increase that value to 1048576:
echo "net.netfilter.nf_conntrack_max=1048576" >> /etc/sysctl.conf -
To apply the settings, execute the command:
sysctl -p -
Check that the parameters have been changed:
sysctl -a | grep conntrack_maxThe response to the command should look as follows:
net.netfilter.nf_conntrack_max = 1048576 net.nf_conntrack_max = 1048576