Author Topic: How to increase IP_CONNTRACK value  (Read 1929 times)

lathu_official

  • Guest
How to increase IP_CONNTRACK value
« on: January 17, 2014, 02:14:57 pm »
First of all, let us see what IP_CONNTRACK is. It is nothing but the number of sessions that can be handled simultaneously by netfilter in kernel memory.

A) Temporarily, you can increase this by echoing a high value to the ip_conntrack_max file.

# echo CONNTRACK_MAX > /proc/sys/net/ipv4/ip_conntrack_max


B) The permanent solution is to append it directly to the kernel parameters:

# vi /etc/sysctl.conf

# Append this line

>> net.ipv4.ip_conntrack_max = CONNTRACK_MAX

where,

CONNTRACK_MAX = RAMSIZE (in bytes) / 16384 / (x / 32)


where x is the number of bits in a pointer (for example, 32 or 64 bits).
To save the changes, quit the editor and execute the command:

# sysctl -p

C) If you love shell commands, use the following command:

# sysctl -w net.ipv4.ip_conntrack_max=CONNTRACK_MAX

and then run

# sysctl -p


To see the new value, you can cat the file:

# cat /proc/sys/net/ipv4/ip_conntrack_max

or

# sysctl -a | grep conntrack

D) For servers having APF firewall, you need to adopt a different method since most of the sysctl parameters are loaded by APF.


# Open APF configuration file “/etc/apf/conf.apf”.

# Locate the parameter “SYSCTL_CONNTRACK”, replace the value and then restart APF.


--------------
Thanks.
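
Added example, not part of the original post: a POSIX shell script that evaluates the CONNTRACK_MAX formula from step B, taking RAMSIZE from MemTotal in /proc/meminfo and x from `getconf LONG_BIT`, and prints the sysctl.conf line to append. The function names and the `--report` flag are assumptions of this example, as is using MemTotal for RAMSIZE; on newer kernels the key is `net.netfilter.nf_conntrack_max` rather than the `ip_conntrack_max` name used in the post.

```shell
#!/bin/sh
# Added example: evaluates CONNTRACK_MAX = RAMSIZE / 16384 / (x / 32) from the post.

# conntrack_max RAM_BYTES POINTER_BITS -> prints the computed limit
conntrack_max() {
    case "$2" in
        32|64) ;;
        *) echo "pointer size must be 32 or 64, got '$2'" >&2; return 1 ;;
    esac
    echo $(( $1 / 16384 / ($2 / 32) ))
}

# mem_total_bytes [MEMINFO_FILE] -> MemTotal converted from kB to bytes
mem_total_bytes() {
    kb=$(awk '/^MemTotal:/ { print $2; exit }' "${1:-/proc/meminfo}")
    [ -n "$kb" ] || { echo "MemTotal not found" >&2; return 1; }
    echo $(( kb * 1024 ))
}

# usage_percent COUNT MAX -> integer percentage of the conntrack table in use
usage_percent() {
    [ "$2" -gt 0 ] || { echo "max must be positive" >&2; return 1; }
    echo $(( $1 * 100 / $2 ))
}

# report: print the suggested sysctl.conf line and, where readable, live values
report() {
    ram=$(mem_total_bytes) || return 1
    max=$(conntrack_max "$ram" "$(getconf LONG_BIT)") || return 1
    echo "net.ipv4.ip_conntrack_max = $max"
    # The post's path first, then the newer nf_conntrack location.
    for f in /proc/sys/net/ipv4/ip_conntrack_max \
             /proc/sys/net/netfilter/nf_conntrack_max; do
        if [ -r "$f" ]; then echo "current limit ($f): $(cat "$f")"; fi
    done
    c=/proc/sys/net/netfilter/nf_conntrack_count
    m=/proc/sys/net/netfilter/nf_conntrack_max
    if [ -r "$c" ] && [ -r "$m" ]; then
        echo "table usage: $(usage_percent "$(cat "$c")" "$(cat "$m")")%"
    fi
    return 0
}

# Only touch the live system when asked to.
if [ "${1:-}" = "--report" ]; then report; fi
```

Run it with `--report` on the server; a usage figure that stays close to 100% means the table is filling and new connections are at risk of being dropped.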