On Fri, 2003-01-17 at 05:50, Sandro Minola wrote:
> What does the value 32768 mean? Max. size of the conntrack table
> in bytes? Max. # of entries in the table?
>
> I just found out that this value means the number (#) of connections. And
> it's currently not set to 32768 (as I misleadingly wrote), it's set to
> 32760.
> http://www.sns.ias.edu/~jns/security/iptables/iptables_conntrack.html says
> that this is the default value for a 512MB RAM machine.
> So it seems that my router can handle 32760 simultaneous connections. Do you
> think this is enough for 200 clients and 20 servers?

At a guess, and only a guess, I don't think you will have problems. You
can increase the limit by -

    echo 9 > /proc/sys/net/ipv4/ip_conntrack_max

Change 9 to whatever you think you need, but remember that each
connection uses about 350 bytes of memory so 9*350 is about 35MB but
with 512MB to play with I don't think it will be a problem :-))

If you have concerns then you may want to run a script file that
monitors the number of connections and reports to you by email.
Add a file with -

    date -R >> /tmp/connections
    cat /proc/net/ip_conntrack | wc -l >> /tmp/connections

and get cron to run this every 5 minutes or so and then each hour, 6
hours or whatever you want run the following by cron -

    cat /tmp/connections | mail -s "Connections report" [EMAIL PROTECTED]
    rm -f /tmp/connections

This should produce an email something like -

    Fri Jan 17 11:23:18 NZDT 2003
    31
    Fri Jan 17 11:23:42 NZDT 2003
    36

With this you can track the load during the day to see what your peak
connections are and also the time of day it happens.
Run it for a week or so to see how your system is going.

If you want to take it a step further then you could create a script
that only emails an alert or warning if the number of connections gets
above a certain amount.

--
Lyndsay Roger [EMAIL PROTECTED]
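
The threshold alert suggested at the end of the message could look like the script below. It is an added example, not part of the original post; the function names, the `check` argument and the 80% default are assumptions. It prints nothing while the table is below the threshold, so a cron job calling it only generates mail when there is something to report.

```shell
#!/bin/sh
# Added example (not from the original post): warn only when the conntrack
# table fills past a threshold. The /proc paths are the ones used in the thread.
TABLE="${TABLE:-/proc/net/ip_conntrack}"
MAXFILE="${MAXFILE:-/proc/sys/net/ipv4/ip_conntrack_max}"
WARN_PCT="${WARN_PCT:-80}"   # assumed default: warn at 80% of the limit

# usage_pct TABLE MAXFILE -> prints the share of the limit in use (integer %).
# Returns 2 if either file is unreadable or the limit is not a positive number.
usage_pct() {
    count=$(wc -l < "$1") || return 2
    max=$(cat "$2") || return 2
    case "$max" in ''|*[!0-9]*|0) return 2 ;; esac
    echo $(( count * 100 / max ))
}

# check_conntrack TABLE MAXFILE PCT
#   returns 0 and prints nothing when usage is below PCT
#   returns 1 and prints a warning when usage is at or above PCT
#   returns 2 and prints an error when the files cannot be read
check_conntrack() {
    pct=$(usage_pct "$1" "$2") || {
        echo "conntrack check failed: cannot read $1 or $2"
        return 2
    }
    [ "$pct" -lt "$3" ] && return 0
    echo "$(date -R) conntrack table at ${pct}% of limit" \
         "($(wc -l < "$1") of $(cat "$2") entries)"
    return 1
}

# Called from cron with the argument "check". Cron mails any output of a job,
# so silence means the table is below the threshold. To mail explicitly as in
# the thread, pipe the output to: mail -s "Connections alert" <address>
if [ "${1:-}" = "check" ]; then
    check_conntrack "$TABLE" "$MAXFILE" "$WARN_PCT"
fi
```

A full table means new connections are dropped, so a threshold well below 100% leaves time to raise `ip_conntrack_max` before clients notice.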