Thanks for the info guys, but actually I'm not so worried about the performance as much as I'm worried about running out of available connections! I'm not a networking guru, and I might be wrong, but we only have 65k source ports to use for NAT, eh? That means 65k outgoing connections, right? And I think I read Linux keeps track of a connection for a few days or so! This might cause problems running out of connections or consuming too much memory, so I was wondering if I needed to tweak some sysctl settings.
One more thing, I don't think I have TOE, how do I know I need one? I mean, how to know if the NIC is overloaded?

On Tue, Feb 26, 2008 at 5:26 AM, John Summerfield <[EMAIL PROTECTED]> wrote:

> Ahmed Kamal wrote:
> > Hello,
> > I will be NAT'ing 2000 users through a rhel5 box as our router is not able
> > to handle the load. What's the recommended settings for that?!
> > I imagine I will need to decrease the connection tracking time, and increase
> > the total number of tracked connections?! Any advice is highly appreciated
> > Thanks guys
>
> I've not had anything like that number of users, and if I had it
> wouldn't necessarily reflect the adequacy of your system; it depends a
> lot on what your users do. Heavy downloaders have different requirements
> from casual email and web browsers - email users might not impact the
> NAT functionality at all.
>
> I'd start with installing shorewall; in fact I will be doing just that
> shortly.
>
> I also block traffic in both directions, allowing just that traffic
> that's needed. And that applies equally to my home connexion, running
> CentOS4.
>
> If ever someone gets _in_ through my security, they still need to be
> able to run traffic _out_ to cause any mischief. It's also a handy
> indicator if someone attaches a virus-infected laptop to the network.
>
> --
>
> Cheers
> John
>
> -- spambait
> [EMAIL PROTECTED] [EMAIL PROTECTED]
> -- Advice
> http://webfoot.com/advice/email.top.php
> http://www.catb.org/~esr/faqs/smart-questions.html
> http://support.microsoft.com/kb/555375
>
> You cannot reply off-list:-)
>
> _______________________________________________
> rhelv5-list mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/rhelv5-list
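
An added example, not part of the original message: a small shell check of how full the connection-tracking table is and what the established-TCP timeout is set to, which are the two sysctl values the thread asks about. It assumes the values are exposed as `ip_conntrack_*` under `/proc/sys/net/ipv4/netfilter` (RHEL 5 era kernels) or as `nf_conntrack_*` under `/proc/sys/net/netfilter` (newer kernels); the function names and the 80% warning threshold are hypothetical choices for illustration.

```shell
#!/bin/sh
# Added example: report connection-tracking table usage on a Linux NAT box.
# Assumption: the conntrack module is loaded and exposes its counters under
# /proc/sys/net (ip_conntrack_* on older kernels, nf_conntrack_* on newer ones).
# Usage: conntrack_report /proc/sys/net 80

# conntrack_paths ROOT -> prints the path prefix of the conntrack sysctl files
conntrack_paths() {
    root=${1:-/proc/sys/net}
    if [ -r "$root/ipv4/netfilter/ip_conntrack_max" ]; then
        echo "$root/ipv4/netfilter/ip_conntrack"
    elif [ -r "$root/netfilter/nf_conntrack_max" ]; then
        echo "$root/netfilter/nf_conntrack"
    else
        return 1    # module not loaded or unknown layout
    fi
}

# conntrack_usage_pct ROOT -> integer percentage of the table currently in use
conntrack_usage_pct() {
    base=$(conntrack_paths "$1") || return 1
    count=$(cat "${base}_count")
    max=$(cat "${base}_max")
    [ "$max" -gt 0 ] || return 1
    echo $(( count * 100 / max ))
}

# conntrack_report ROOT WARN_PCT -> one status line; returns 2 at or above WARN_PCT
conntrack_report() {
    root=${1:-/proc/sys/net}
    warn=${2:-80}   # hypothetical alert threshold, tune per site
    base=$(conntrack_paths "$root") || { echo "conntrack not available"; return 1; }
    pct=$(conntrack_usage_pct "$root") || return 1
    est=$(cat "${base}_tcp_timeout_established")
    echo "tracked=$(cat "${base}_count") max=$(cat "${base}_max") used=${pct}% established_timeout=${est}s"
    [ "$pct" -lt "$warn" ] || return 2
}
```

Run from cron or a monitoring agent, the non-zero return from `conntrack_report` can drive an alert before the table fills and new connections start being dropped.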
