Jim,
No sweat!
I'm not certain on the rejected packets. My gut says that shorewall logs
would not be generated because of dropped packets, but my gut has been wrong
before!
This is what I did. I'll bet this will make your firewall happy if you have
the RAM:
First, I followed this advice from one of those links: On systems with
enough memory and where performance really matters, you can
consider trying to get an average of one conntrack entry per hash bucket,
which means HASHSIZE = CONNTRACK_MAX.
In modules, I added the hashsize param to the ip_conntrack entry:
ip_conntrack hashsize=65536
In sysctl.conf, I added
net.ipv4.netfilter.ip_conntrack_max=65536
- Bob Coffman
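
One way to check whether the table is near its limit and how the hash is sized against it, as an added example that is not part of the original thread. It assumes the ip_conntrack_count, ip_conntrack_max and ip_conntrack_buckets files in /proc/sys/net/ipv4/netfilter; the 80% warning threshold and the demo values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): summarise conntrack table pressure.
# Reads ip_conntrack_count, ip_conntrack_max and ip_conntrack_buckets from
# DIR (default: the ip_conntrack sysctl directory). WARN_PCT is an assumed
# alert threshold, not a value from the thread.
WARN_PCT=80

conntrack_report() {
    dir=${1:-/proc/sys/net/ipv4/netfilter}
    for f in count max buckets; do
        path="$dir/ip_conntrack_$f"
        [ -r "$path" ] || { echo "cannot read $path" >&2; return 2; }
        v=$(cat "$path")
        case $v in
            ''|*[!0-9]*) echo "non-numeric value in $path" >&2; return 2 ;;
        esac
        eval "ct_$f=\$v"    # safe: $v was validated as digits only
    done
    [ "$ct_max" -gt 0 ] && [ "$ct_buckets" -gt 0 ] || return 2

    util=$(( ct_count * 100 / ct_max ))
    # Average entries per hash bucket once the table is full (rounded up);
    # 1 corresponds to HASHSIZE = CONNTRACK_MAX as quoted in the message.
    per_bucket=$(( (ct_max + ct_buckets - 1) / ct_buckets ))

    if [ "$ct_count" -ge "$ct_max" ]; then
        status=FULL    # packets needing a new entry are dropped from here on
    elif [ "$util" -ge "$WARN_PCT" ]; then
        status=WARN
    else
        status=OK
    fi
    echo "count=$ct_count max=$ct_max buckets=$ct_buckets util=${util}% per_bucket=$per_bucket status=$status"
}

# Demo on constructed values: a full table whose hash is one eighth of max.
demo=$(mktemp -d)
echo 65536 > "$demo/ip_conntrack_count"
echo 65536 > "$demo/ip_conntrack_max"
echo 8192  > "$demo/ip_conntrack_buckets"
conntrack_report "$demo"
rm -rf "$demo"
```
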
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jim Ford
Sent: Thursday, March 02, 2006 6:16 PM
To: leaf-user
Subject: RE: [leaf-user] Puzzling syslog messages
Jim,
Your NAT tracking table is full. Take a look at
http://leaf.sourceforge.net/doc/guide/bucu-conntrack.html for info on
increasing that.
Thanks for the reply, Bob.
I guess the table has filled because I've been using a lot of BitTorrents
lately. Will the full NAT tracking table cause all the rejected packets I'm
seeing?
Jim Ford
------------------------------------------------------------------------
leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/