[Shorewall-users] CentOS6/RHEL6 - net.nf_conntrack_max not applied

2012-03-12 Thread Ziegler Karel
Hi all,

I want to ask how to set up in the right way nf_conntrack_max with shorewall on CentOS 6?

If I use CentOS firewall (iptables) nf_conntrack_max is set to the value from /etc/sysctl.conf file. But with shorewall not, should I use /etc/shorewall/start?

My configuration:
- services: ip6t

Re: [Shorewall-users] CentOS6/RHEL6 - net.nf_conntrack_max not applied

2012-03-12 Thread Tom Eastep
On 3/12/12 3:13 PM, "Ziegler Karel" wrote:
>
> Hi all,
>
> I want to ask how to set up in the right way nf_conntrack_max with
> shorewall on CentOS 6?
>
> If I use CentOS firewall (iptables) nf_conntrack_max is set to the value from
> /etc/sysctl.conf file. But with shorewall not, s

Re: [Shorewall-users] CentOS6/RHEL6 - net.nf_conntrack_max not applied

2012-03-12 Thread Ziegler Karel
Hi Tom,

did you mean, that should it work generally or should I use something like this: # echo "sysctl -w net.nf_conntrack_max=131072" >> /etc/shorewall/start?

Karel Ziegler
e-mail:ziegl...@gmail.com

On 13.3.2012 00:28, Tom Eastep wrote:
> On 3/12/12 3:13 PM,

Re: [Shorewall-users] CentOS6/RHEL6 - net.nf_conntrack_max not applied

2012-03-13 Thread Tuomo Soini
On Tue, 13 Mar 2012 07:36:08 +0100 Ziegler Karel wrote:
> Hi Tom,
>
> did you mean, that should it work generally or should I use
> something like this: # echo "sysctl -w net.nf_conntrack_max=131072" >>
> /etc/shorewall/start?

Using /etc/sysctl.conf should work for shorewall too.

--
Tuomo S

Re: [Shorewall-users] CentOS6/RHEL6 - net.nf_conntrack_max not applied

2012-03-13 Thread Tom Eastep
On 03/12/2012 11:57 PM, Tuomo Soini wrote:
> On Tue, 13 Mar 2012 07:36:08 +0100
> Ziegler Karel wrote:
>
>> Hi Tom,
>>
>> did you mean, that should it work generally or should I use
>> something like this: # echo "sysctl -w net.nf_conntrack_max=131072" >>
>> /etc/shorewall/start?
>
> Using /et

Re: [Shorewall-users] CentOS6/RHEL6 - net.nf_conntrack_max not applied

2012-03-13 Thread Tuomo Soini
On Tue, 13 Mar 2012 07:27:14 -0700 Tom Eastep wrote:
> >> did you mean, that should it work generally or should I use
> >> something like this: # echo "sysctl -w
> >> net.nf_conntrack_max=131072" >> /etc/shorewall/start?
> >
> > Using /etc/sysctl.conf should work for shorewall too.
> >
> > B

Re: [Shorewall-users] CentOS6/RHEL6 - net.nf_conntrack_max not applied

2012-03-13 Thread Tom Eastep
On 03/13/2012 09:06 AM, Tuomo Soini wrote: > On Tue, 13 Mar 2012 07:27:14 -0700 > Tom Eastep wrote: > did you mean, that should it work generally or should I use something like this: # echo "sysctl -w net.nf_conntrack_max=131072" >> /etc/shorewall/start? >>> >>> Using /etc/sysctl

Re: [Shorewall-users] CentOS6/RHEL6 - net.nf_conntrack_max not applied

2012-03-13 Thread Tuomo Soini
On Tue, 13 Mar 2012 09:15:40 -0700 Tom Eastep wrote:
> I suspect that you use /etc/init.d/network rather than NetworkManager?

Of course I don't use NetworkManager on servers. I disabled shorewall-init and rebooted and sysctl.conf value for net.netfilter.nf_conntrack_max was not updated. So jus

Re: [Shorewall-users] CentOS6/RHEL6 - net.nf_conntrack_max not applied

2012-03-13 Thread kAja Ziegler
I don't use NetworkManager. What is shorewall-init? The problem is that shorewall loads kernel modules after /etc/rc.d/rc.sysinit and during start does not reapply sysctl.conf.

--
Karel Ziegler
e-mail:ziegl...@gmail.com

On Tue, Mar 13, 2012 at 5:15 PM, Tom Eastep wrote:
> On 03/13/2012 0