Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sysctl value not loaded for modules #168

Open
fsteinel opened this issue Jan 14, 2017 · 1 comment
Open

sysctl value not loaded for modules #168

fsteinel opened this issue Jan 14, 2017 · 1 comment

Comments

@fsteinel
Copy link

fsteinel commented Jan 14, 2017
edited

sysctl doesn't load the values for modules.
Add those to the /etc/module file

nf_defrag_ipv4
nf_defrag_ipv6
nf_conntrack
nf_conntrack_ipv4
nf_conntrack_ipv6
nf_nat
iptable_nat
ipt_MASQUERADE
xt_comment
xt_conntrack
xt_recent
xt_tcpudp

list of modules determined via:

lsmod |grep -e ^ip -e ^nf_ -e ^xt|sort|less

Tested via

  • before the fix
sysctl -a > tag-2017-01-14-pre-mod-sysctl-fix
  • apply the above fix
  • after the fix
sysctl -a > tag-2017-01-14-after-mod-sysctl-fix
diff -Nup tag-2017-01-14-pre-mod-sysctl-fix tag-2017-01-14-after-mod-sysctl-fix |less

Found this depency while backtracking why net.netfilter.nf_conntrack_max=1048576 was not set.
see #172 for the new file /etc/sysctl.d/conntrack.conf
The file /etc/sysctl.d/conntrack.conf is created at manifests/system.pp
@fsteinel fsteinel mentioned this issue Jan 16, 2017
Closed
fsteinel added a commit to freifunk-kiel/ffki-puppet-gateway-install that referenced this issue Jan 16, 2017
@fsteinel
remove setting conntrack values a second time
325a4e4 
The setting
```net.ipv4.netfilter.ip_conntrack_max = 1048576```
is already set at /etc/sysctl.d/conntrack.conf
and is configurable at
[$conntrack_max](https://github.com/ffnord/ffnord-puppet-gateway/blob/master/manifests/params.pp#L11)
That the values are not set at boot are track at [issue 168](ffnord/ffnord-puppet-gateway#168)
The file creation via puppet is tracked at issue [issue 172](ffnord/ffnord-puppet-gateway#172)
@rubo77
Copy link
Contributor

rubo77 commented May 2, 2017

maybe this is fixed with the hint: https://github.com/ffnord/ffnord-puppet-gateway#on-debian-jessie

modprobe ip_tables
modprobe ip_conntrack

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fsteinel @rubo77