Fixing error: “net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv” is an unknown key on Debian Linux

Tuesday, 22nd March 2011

If you’re trying to tune the following settings:

net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 30
net.ipv4.netfilter.ip_conntrack_max = 1048576

in /etc/sysctl.conf and you come across the error messages:

"net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv" is an unknown key
"net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait" is an unknown key
"net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait" is an unknown key
"net.ipv4.netfilter.ip_conntrack_max" is an unknown key

when executing:

debian:~# sysctl -p

in order for the net.ipv4.netfilter.* values to be set as kernel values for iptables, you need to modify your /etc/modules file and add nf_conntrack_ftp to it. Here is how:

echo 'nf_conntrack_ftp' >> /etc/modules

Now, to reload the new settings, issue the command:

debian:~# sysctl -p

Now the values will be set properly and you will no longer see the "is an unknown key" error messages. The output looks like this:

net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 30
net.ipv4.netfilter.ip_conntrack_max = 1048576
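
The check below is an added example, not part of the original post: it lists which keys in a sysctl.conf-style file have no matching file under /proc/sys (the condition sysctl reports as "is an unknown key") and tests whether a module is listed in /proc/modules. The function names, the optional root arguments and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are this example's own.

# Print every key in a sysctl.conf-style file that has no file under PROC_ROOT.
missing_sysctl_keys() {
    conf=$1
    root=${2:-/proc/sys}
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//')
        case $line in
            ''|'#'*|';'*) continue ;;   # blank line or comment
            *=*) ;;                     # key = value
            *) continue ;;              # not an assignment
        esac
        # Key: text before '=', minus an optional leading '-' and any spaces.
        key=$(printf '%s' "${line%%=*}" | sed 's/^-//; s/[[:space:]]//g')
        # sysctl maps the dots in a key to directories under /proc/sys.
        [ -e "$root/$(printf '%s' "$key" | tr . /)" ] || printf '%s\n' "$key"
    done < "$conf"
}

# Succeed if MODULE appears in a /proc/modules-format file.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "${2:-/proc/modules}"
}

# Constructed demo: a fake /proc/sys tree where only ip_conntrack_max exists.
demo_constructed() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/sys/net/ipv4/netfilter"
    : > "$d/sys/net/ipv4/netfilter/ip_conntrack_max"
    cat > "$d/sysctl.conf" <<'EOF'
# constructed sample using the keys from the post
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 30
net.ipv4.netfilter.ip_conntrack_max = 1048576
EOF
    missing_sysctl_keys "$d/sysctl.conf" "$d/sys"
    rm -rf "$d"
}

# Usage: sh check.sh /etc/sysctl.conf   (no arguments: run the constructed demo)
if [ "$#" -gt 0 ]; then missing_sysctl_keys "$@"; else demo_constructed; fi
```

An empty result means every key in the file already exists, so sysctl -p should apply it without the "unknown key" error.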


3 Responses to “Fixing error: “net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv” is an unknown key on Debian Linux”

  1. SearchingHelp says:

    Not working
    I still get
    error: “net.ipv4.netfilter.ip_conntrack_max” is an unknown key

    CentOS 5.3 with kernel 2.6.32-042stab044.11

    • admin says:

      Hi. Maybe the netfilter kernel variable is named differently on your host.
      Check with:
      # /sbin/sysctl -a|grep -i net.ipv4.netfilter
      and try to set the proper kernel var.

      Also this might happen if your Linux kernel is running inside a virtual machine, is that your case?

      • AnythingReally says:

        > this might happen if your Linux kernel is running inside a virtual machine, is that your case?

        Don’t know about SearchingHelp but it’s my case, the kernel modules seem to be there but it still throws:
        error: “net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait” is an unknown key

        on a Xen PV VPS. What is the problem there?

