\/var\/log\/messages \ud30c\uc77c\uc5d0 \uc544\ub798\uc640 \uac19\uc740 \ud615\uc2dd\uc73c\ub85c packet drop \ud604\uc0c1\uc774 \uc9c0\uc18d\uc801\uc73c\ub85c \ubc1c\uc0dd\ud560 \uacbd\uc6b0<\/p>\n
(iptables\ub97c \uc0ac\uc6a9\ud558\uc9c0 \uc54a\ub294 \uacbd\uc6b0\ub294 \ud574\ub2f9 \uc0ac\ud56d \uc5c6\uc74c)
\nMar 12 13:40:34 localhost kernel: printk: 5990 messages suppressed.<\/p>\n
Mar 12 13:40:34 localhost kernel: ip_conntrack: table full, dropping packet.<\/p>\n
<\/p>\n
\ucee4\ub110 \ud30c\ub77c\ubbf8\ud130 \uac12\uc911 net.ipv4.ip_conntrack_max \uac12\uc744 \ub298\ub824 \uc900\ub2e4.<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
1. \ud604\uc7ac \uc124\uc815\uac12\uc744 \ud655\uc778<\/p>\n
<\/p>\n
[root@localhost ~]# sysctl -a | grep net.ipv4.ip_conntrack_max<\/p>\n
net.ipv4.ip_conntrack_max = 65536<\/p>\n
<\/p>\n
[root@localhost ~]# cat \/proc\/sys\/net\/ipv4\/ip_conntrack_max<\/p>\n
65536<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
2. \ucee4\ub110 \ud30c\ub77c\ubbf8\ud130 \ubcc0\uacbd \uc801\uc6a9<\/p>\n
<\/p>\n
sysctl -w \ub098 echo \uba85\ub839\uc73c\ub85c \/proc\/sys\/net\/ipv4\/ip_conntrack_max \uc5d0 \ubc14\ub85c \uc801\uc6a9\ud560 \uc218 \ub3c4 \uc788\uc9c0\ub9cc,<\/p>\n
\ub9ac\ubd80\ud305\ud560 \uacbd\uc6b0\uc5d0\ub3c4 \uc801\uc6a9\ub418\ub3c4\ub85d \ud558\uae30 \uc704\ud574\uc11c \/etc\/sysctl.conf \ud30c\uc77c\uc5d0 \ucd94\uac00 \ud6c4 sysctl -p\ub85c \uc801\uc6a9
\nnet.ipv4.ip_conntrack_max = 1048576<\/p>\n
<\/p>\n
[root@localhost ~]# sysctl -p<\/p>\n
net.ipv4.ip_forward = 0<\/p>\n
net.ipv4.conf.default.rp_filter = 1<\/p>\n
net.ipv4.conf.default.accept_source_route = 0<\/p>\n
kernel.sysrq = 0<\/p>\n
kernel.core_uses_pid = 1<\/p>\n
net.ipv4.tcp_syncookies = 1<\/p>\n
kernel.msgmnb = 65536<\/p>\n
kernel.msgmax = 65536<\/p>\n
kernel.shmmax = 68719476736<\/p>\n
kernel.shmall = 4294967296<\/p>\n
net.ipv4.netfilter.ip_conntrack_max = 1048576<\/p>\n
<\/p>\n
[root@localhost ~]# sysctl -a | grep ip_conntrack_max<\/p>\n
net.ipv4.ip_conntrack_max = 1048576<\/p>\n
net.ipv4.netfilter.ip_conntrack_max = 1048576
\n– iptables\ub97c \ub9ac\uc2a4\ud0c0\ud2b8 \ud558\ub294 \uacbd\uc6b0, \uc124\uc815\uac12\uc774 default\ub85c \ub418\ub3cc\uc544 \uac00\ub294 \ud604\uc0c1\uc774 \ubc1c\uc0dd\ud55c\ub2e4.<\/p>\n
\uc774\ub294 iptables \uc758 \ubc84\uadf8\ub85c iptables \ub97c \ucd5c\uc2e0 \ubc84\uc804\uc778 iptables-1.3.5-9.1.el5 \uc774\uc0c1\uc758 \ubc84\uc804\uc73c\ub85c \uc5c5\ub370\uc774\ud2b8 \ud558\uace0,<\/p>\n
\/etc\/sysconfig\/iptables-config \ud30c\uc77c\uc5d0 \uc124\uc815 \ucd94\uac00<\/p>\n
<\/p>\n
[root@localhost ~]# \/etc\/init.d\/iptables restart<\/p>\n
Flushing firewall rules: \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 [ \u00a0OK \u00a0]<\/p>\n
Setting chains to policy ACCEPT: filter \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0[ \u00a0OK \u00a0]<\/p>\n
Unloading iptables modules: \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0[ \u00a0OK \u00a0]<\/p>\n
Applying iptables firewall rules: \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0[ \u00a0OK \u00a0]<\/p>\n
Loading additional iptables modules: ip_conntrack_netbios_n[ \u00a0OK \u00a0]<\/p>\n
<\/p>\n
[root@localhost ~]# sysctl -a | grep ip_conntrack_max<\/p>\n
net.ipv4.ip_conntrack_max = 65536<\/p>\n
net.ipv4.netfilter.ip_conntrack_max = 65536<\/p>\n
3. iptables \ubc84\uc804 update<\/p>\n
<\/p>\n
[root@localhost ~]# yum update iptables<\/p>\n
<\/p>\n
[root@localhost ~]# rpm -qa | grep iptables<\/p>\n
iptables-1.3.5-9.1.el5<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
<\/p>\n
4. \/etc\/sysconfig\/iptables-config \ud30c\uc77c\uc5d0 \ucd94\uac00
\nIPTABLES_SYSCTL_LOAD_LIST=”.ip_conntrack .bridge-nf”<\/p>\n
5. sysctl -p\ub85c sysctl.conf \ud30c\uc77c \uc7ac \uc801\uc6a9 \ubc0f iptables restart \ud6c4 \ud14c\uc2a4\ud2b8<\/p>\n
<\/p>\n
[root@localhost ~]# sysctl -p<\/p>\n
net.ipv4.ip_forward = 0<\/p>\n
net.ipv4.conf.default.rp_filter = 1<\/p>\n
net.ipv4.conf.default.accept_source_route = 0<\/p>\n
kernel.sysrq = 0<\/p>\n
kernel.core_uses_pid = 1<\/p>\n
net.ipv4.tcp_syncookies = 1<\/p>\n
kernel.msgmnb = 65536<\/p>\n
kernel.msgmax = 65536<\/p>\n
kernel.shmmax = 68719476736<\/p>\n
kernel.shmall = 4294967296<\/p>\n
net.ipv4.netfilter.ip_conntrack_max = 1048576<\/p>\n
<\/p>\n
[root@localhost ~]# sysctl -a | grep ip_conntrack_max<\/p>\n
net.ipv4.ip_conntrack_max = 1048576<\/p>\n
net.ipv4.netfilter.ip_conntrack_max = 1048576<\/p>\n
<\/p>\n
[root@localhost ~]# \/etc\/init.d\/iptables restart<\/p>\n
Flushing firewall rules: \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 [ \u00a0OK \u00a0]<\/p>\n
Setting chains to policy ACCEPT: filter \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0[ \u00a0OK \u00a0]<\/p>\n
Unloading iptables modules: \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0[ \u00a0OK \u00a0]<\/p>\n
Applying iptables firewall rules: \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0[ \u00a0OK \u00a0]<\/p>\n
Loading additional iptables modules: ip_conntrack_netbios_n[ \u00a0OK \u00a0]<\/p>\n
<\/p>\n
[root@localhost ~]# sysctl -a | grep ip_conntrack_max<\/p>\n
net.ipv4.ip_conntrack_max = 1048576<\/p>\n
net.ipv4.netfilter.ip_conntrack_max = 1048576<\/p>\n","protected":false},"excerpt":{"rendered":"
\/var\/log\/messages \ud30c\uc77c\uc5d0 \uc544\ub798\uc640 \uac19\uc740 \ud615\uc2dd\uc73c\ub85c packet drop \ud604\uc0c1\uc774 \uc9c0\uc18d\uc801\uc73c\ub85c \ubc1c\uc0dd\ud560 \uacbd\uc6b0 (iptables\ub97c \uc0ac\uc6a9\ud558\uc9c0 \uc54a\ub294 \uacbd\uc6b0\ub294 \ud574\ub2f9 \uc0ac\ud56d \uc5c6\uc74c) Mar 12<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,7],"tags":[],"_links":{"self":[{"href":"http:\/\/jook.pe.kr\/index.php?rest_route=\/wp\/v2\/posts\/239"}],"collection":[{"href":"http:\/\/jook.pe.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/jook.pe.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/jook.pe.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/jook.pe.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=239"}],"version-history":[{"count":0,"href":"http:\/\/jook.pe.kr\/index.php?rest_route=\/wp\/v2\/posts\/239\/revisions"}],"wp:attachment":[{"href":"http:\/\/jook.pe.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=239"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/jook.pe.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=239"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/jook.pe.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=239"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}