Administered by:
oh my fucking god i think i solved the fucking DNS timeout issues
DNS is handled by my VPS
my VPS is also a NATing firewall (on wireguard)sysctl net.netfilter.nf_conntrack_max scales with ram
said VPS has 0.5 GB RAM
the sysctl was set to 4096 (a usual value is more like >=128k)
dmesg was flooded with nf_conntrack: table full, dropping packet
@deneb If you don't need port translation, consider static nat using `tc-nat(8)`.
@rw i do need it i think; i egress some traffic from other devices using the VPS' public IP
are there any concerns with just raising the sysctl value?
(nf_conntrack_count is between 5500 and 6000 atm)
@deneb Well, as long you are aware of the memory foot print, all good.
Have an eye on the nf_conntrack slab (/proc/slabinfo).
Have an eye on the nf_conntrack slab (/proc/slabinfo).
@rw aight, great to know, thanks!
@deneb a 4k connection table.. oh my god. the 90s called, they want their dialup networks back..