ip_conntrack_max?

Geffrey Velásquez gvt_lnx@gmx.net
Thu, 27 Dec 2001 01:13:39 -0500


Hi Patrick, I am running kernel 2.4.16 and iptables 1.2.4.

First I patched with most-of-pom, then with patch-o-matic; later I recompiled the 
kernel and modules.

I don't see --> /proc/sys/net/ipv4/netfilter <-- created, but I have modules 
like psd and match string working, so I think the kernel really 
was patched.


What is going wrong?


> from patch-o-matic, the timeouts can be configured through entries
> under /proc/sys/net/ipvt/netfilter/.


Thanks in advance,

Best regards.

Geffrey


On Tue 25 Dec 2001 14:47, Patrick Schaaf wrote:
> Raj,
>
> > Is it required to recompile the kernel (make dep clean bzImage) and the
> > modules (make modules modules_install) OR is just recompiling the kernel
> > is good enough?
>
> The timeouts are in net/ipv4/netfilter/ip_conntrack_proto_tcp.c.
> If you have compiled in the ipfilter-based conntracking code
> from patch-o-matic, the timeouts can be configured through entries
> under /proc/sys/net/ipvt/netfilter/. Otherwise, you have to
> modify the source (see the tcp_timeouts[] array - it's obvious).
> Whether you need to recompile a module, or the kernel, depends on
> your current answer to the "Connection tracking" kernel compile
> option (check with "grep CONFIG_IP_NF_CONNTRACK .config"); if that's
> selected as a module, you need to recompile that module, if it's builtin,
> you have to recompile and reboot the kernel.
>
> Hope this helps
>   Patrick