On Thu, Dec 19, 2002 at 12:52:50AM -0800, Jack Bowling wrote:
> ** Reply to message from Jeff Stillwall <[EMAIL PROTECTED]> on
> Thu, 19 Dec 2002 02:52:37 -0500
>
> > Is there anything I can or must do to optimize this box for routing
> > and firewall activities? Some kernel level connection table limits
> > I'm hitting? And can I adjust these values without having to
> > recompile the kernel...doing so on a production box scares me!
>
> One recommendation I would make if you have the Gnome libraries loaded
> is to go to:
>
> http://firestarter.sourceforge.net
>
I use firestarter on my desktop machine, but many administrators don't want to install gnome / x / etc. on a dedicated firewall or router box. The shorewall firewall (shorewall.sf.net) doesn't have gui wizards, but it comes with full documentation and unless you're doing something really unusual, you could be up and running with it fairly quickly.

I've never attempted NAT for that many users, but it's possible (likely?) that a custom kernel tuned specifically for NAT might improve performance.

Compiling the kernel doesn't have to be dangerous. You can install the latest redhat kernel src rpm, copy the .config file for your architecture from /usr/src/linux-2.4/configs, make sure the EXTRAVERSION parameter in the Makefile has something unique in it, like maybe -18.7.router, and compile away. When you "make modules_install" the modules will get installed in their own directory in /lib/modules (e.g. 2.4.18-18.7.router) and won't step on your current setup. If you add a new stanza to lilo.conf or grub.conf you can pick whatever kernel you want during bootup.
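
An added example, not part of the original message: shell helpers for the EXTRAVERSION step described in the reply above, which refuse a suffix whose resulting release name already has a module directory, so a rebuild cannot overwrite the modules of an installed kernel. The function names, the Makefile contents and the `-18.7custom` starting value are constructed for illustration.

```shell
#!/bin/sh
# Added example. Helper names are hypothetical; the Makefile below is constructed.

# mk_var <Makefile> <NAME>: value of a top-level "NAME = value" assignment.
mk_var() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# kernel_release <Makefile>: VERSION.PATCHLEVEL.SUBLEVEL followed by EXTRAVERSION,
# which is also the directory name "make modules_install" uses under /lib/modules.
kernel_release() {
    printf '%s.%s.%s%s\n' "$(mk_var "$1" VERSION)" "$(mk_var "$1" PATCHLEVEL)" \
        "$(mk_var "$1" SUBLEVEL)" "$(mk_var "$1" EXTRAVERSION)"
}

# set_extraversion <Makefile> <suffix> [modules_root]
# Returns 2 for a suffix with unexpected characters, 1 if the resulting
# release already has a module directory (the build would overwrite it).
set_extraversion() {
    mf=$1; suffix=$2; root=${3:-/lib/modules}
    case $suffix in
        ''|*[!A-Za-z0-9._-]*) echo "bad suffix: $suffix" >&2; return 2 ;;
    esac
    base="$(mk_var "$mf" VERSION).$(mk_var "$mf" PATCHLEVEL).$(mk_var "$mf" SUBLEVEL)"
    if [ -d "$root/$base$suffix" ]; then
        echo "refusing: $root/$base$suffix already exists" >&2
        return 1
    fi
    sed "s/^EXTRAVERSION[[:space:]]*=.*/EXTRAVERSION = $suffix/" "$mf" > "$mf.new" &&
        mv "$mf.new" "$mf"
}

# Constructed demo in a scratch directory; nothing under /usr/src or /lib/modules is touched.
demo() {
    d=$(mktemp -d) || return 1
    printf 'VERSION = 2\nPATCHLEVEL = 4\nSUBLEVEL = 18\nEXTRAVERSION = -18.7custom\n' > "$d/Makefile"
    mkdir -p "$d/modules/2.4.18-18.7custom"      # stands in for an installed kernel
    set_extraversion "$d/Makefile" -18.7custom "$d/modules" 2>/dev/null || echo "collision detected"
    set_extraversion "$d/Makefile" -18.7.router "$d/modules" && kernel_release "$d/Makefile"
    rm -rf "$d"
}
demo
```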