Hi all.
I'm trying to modify some parameters but when the system reboots it doesn't load. For the sysctl, if I run sysctl -p then it changes.

/etc/sysctl.conf:
    net.ipv4.netfilter.ip_conntrack_max = 1048576
/etc/modprobe.conf:
    options ip_conntrack hashsize=131072

After reboot, results:
    cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
    65536
    cat /sys/module/nf_conntrack/parameters/hashsize
    16384

Expected results:
    cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
    1048576
    cat /sys/module/nf_conntrack/parameters/hashsize
    131072
Fred
On Friday 13 May 2011 07:04:33 Frederick Abrams wrote:
> Hi all.
> I'm trying to modify some parameters but when the system reboots it doesn't load. For the sysctl, if I run sysctl -p then it changes.
>
> /etc/sysctl.conf:
>     net.ipv4.netfilter.ip_conntrack_max = 1048576
> /etc/modprobe.conf:
>     options ip_conntrack hashsize=131072
>
> After reboot, results:
>     cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
>     65536
>     cat /sys/module/nf_conntrack/parameters/hashsize
>     16384
>
> Expected results:
>     cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
>     1048576
>     cat /sys/module/nf_conntrack/parameters/hashsize
>     131072
It is possible that your iptables modules are loaded after the sysctl.conf is executed. Keep in mind that sysctl.conf is loaded during network startup.
About the options... at least with kernel 2.6.18.0194.el5 the right option is:
options ipt_hashsize 131072
Also keep in mind that you have to remove the '=' sign from modprobe.conf
Marian
Frederick Abrams <fred@...> writes:
...
*** Look at /etc/rc.sysinit, by which time proc is already mounted:
    ...
    # Configure kernel parameters
    update_boot_stage RCkernelparam
    <================= insert debugging statements BEFORE sysctl
    sysctl -e -p /etc/sysctl.conf >/dev/null 2>&1
    for file in /etc/sysctl.d/* ; do
        is_ignored_file "$file" && continue
        test -f "$file" && sysctl -e -p "$file" >/dev/null 2>&1
    done
    <================= insert debugging statements AFTER sysctl
You can modify this script and add debugging statements before and after this code (marked <===== ), like:
    echo "debugging BEFORE sysctl" >> /test.out
    ls -l /proc/sys/net/ipv4/netfilter/ip_conntrack_max >> /test.out 2>&1
    echo "/proc/sys/net/ipv4/netfilter/ip_conntrack_max=" >> /test.out
    cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max >> /test.out 2>&1

and respectively

    echo "debugging AFTER sysctl" >> /test.out
    ls -l /proc/sys/net/ipv4/netfilter/ip_conntrack_max >> /test.out 2>&1
    echo "/proc/sys/net/ipv4/netfilter/ip_conntrack_max=" >> /test.out
    cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max >> /test.out 2>&1
*** Also, remember that:
- sysctl can load from any other file than sysctl.conf during boot time
- 'sysctl -w' can write to and modify proc
- echo "..." > /proc/... style entries can do the same from anywhere

So, it may be prudent to scan for these entries in:
    grep -ir sysctl /etc/rc*
    grep -ir sysctl /etc/init*
    grep -ir sysctl /etc/sysconfig
    grep -ir sysctl /root/
or, just to pick one of your cases:
    grep -ir net.ipv4.netfilter.ip_conntrack_max /etc
    grep -ir net.ipv4.netfilter.ip_conntrack_max /root
*** Last thing to consider. Note that in that script snippet above there is this line
... update_boot_stage RCkernelparam ...
The function update_boot_stage deals with Plymouth. RHGB stands for Red Hat Graphical Boot. You can try to remove it (and "quiet" too, for good measure) from the Grub kernel boot line, by pressing the 'a' key at Grub startup and editing the kernel command line.
Btw, any funny Grub kernel boot parameters beyond that?
JB
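
An added example, not written by any poster in this thread: a shell check that compares each key in a sysctl.conf-style file with the live value under /proc/sys, which separates the two cases discussed above (the key does not exist because the module is not loaded, or it exists with a different value). The names check_sysctl_drift, norm and demo, and the overridable proc root argument, are hypothetical; the demo tree is constructed from the values in the original post.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of initscripts or procps).
# Compares each key in a sysctl.conf-style file with the live value under
# /proc/sys and reports keys that are missing or differ.

norm() { tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'; }

check_sysctl_drift() {
    conf=$1
    proc_root=${2:-/proc/sys}   # overridable so a constructed tree can be checked
    drift=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//')
        case $line in
            ''|'#'*|';'*) continue ;;   # blank line or comment
            *=*) ;;
            *) continue ;;              # not a key = value line
        esac
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        want=$(printf '%s' "${line#*=}" | norm)
        path=$proc_root/$(printf '%s' "$key" | tr . /)
        if [ ! -f "$path" ]; then
            # sysctl -e skips unknown keys silently, so a key whose module
            # is not loaded yet is never applied at boot.
            echo "MISSING  $key (no $path; module not loaded?)"
            drift=1
        elif [ "$(norm < "$path")" != "$want" ]; then
            echo "MISMATCH $key want=$want have=$(norm < "$path")"
            drift=1
        else
            echo "OK       $key = $want"
        fi
    done < "$conf"
    return $drift
}

# Constructed demo: a fake /proc/sys tree holding the post-reboot value from
# the thread, checked against the setting the poster expected.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/proc/net/ipv4/netfilter"
    echo 65536 > "$d/proc/net/ipv4/netfilter/ip_conntrack_max"
    echo 'net.ipv4.netfilter.ip_conntrack_max = 1048576' > "$d/sysctl.conf"
    check_sysctl_drift "$d/sysctl.conf" "$d/proc"
    rc=$?
    rm -rf "$d"
    return $rc
}
demo || true
```

On a real host, call check_sysctl_drift /etc/sysctl.conf with no second argument; a non-zero exit status means at least one key is missing or differs.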