You don't. Maybe that's conntrack's default, but you can set it to a higher
number manually. The required memory is approx 400b per connection (depends on
iptables/kernel compile time options). The rather conservative default (hashsize
= 1/16384th of RAM) is for a generic system. For more info loo
Yes. In fact most cases of "advanced" firewalling only mean that you have a
stupid fw-design, like hundreds/thousands of rules in one chain :-). Usually can
be optimised by using sub-chains, ipset and/or ipt_ACCOUNT.
If someone has hundreds of rules in one chain (with out a _*VERY*_ good reason
Hello, i am writing a GUI for the tc. I am almost there, but i need
some guideness...
For every class/qdisc i have the bytes sents, dropped, borrowed,
overlimits data for statistics, and i want to plot them on a graph.
What data and how would yuu find it usefull to see plotted on a graph?
I need
Here's a peculiar one. I'm trying to simulate some speed effects due to
varying sized packets so I have written a quick perl app which spits out
packets of a fixed size (<1500 bytes). What I'm finding is the despite
apparently turning off nagle and everything else I can think of I still
notic
http://developer.osdl.org/dev/iproute2/download/iproute2-050816.tar.gz
Update to iproute2 to include:
* Limit ip neigh flush to 10 rounds
* tc ematch support (thomas)
* build cleanups (thomas, et al)
* Fix for options process with ipt (jamal)
* Fix array ove
On Tuesday 16 August 2005 21:37, Gabriel wrote:
> If I wanted to create classes for every client on the network, I would
> have to use iptables to mark packets (using -j MARK) and not
> filters because, according to
> http://www.docum.org/docum.org/kptd/ the shaping is done
> after the SNAT, so al
Hello,
How much maximum filter rule we can create with tc filter ?
TIA,
Daniel
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Hi, I've read the documentation about HTB and I pretty much
managed to grasp how it works. In theory. But there still
are some questions and I want to check with you to see if I
understand things correctly. So here goes:
1) when used on a router for shaping traffic done by
clients connected to it,
Also,
On Tue, 16 Aug 2005 11:38:06 -0500 "Taylor, Grant" <[EMAIL PROTECTED]>
wrote:
>+If you are not doing much in the way if *VERY* *ADVANCED*
>+firewalling, just basic source and / or destination IP v
>alidation and / or source and / or destination port validation will not need
>+much of a
On Tue, 16 Aug 2005 11:38:06 -0500 "Taylor, Grant" <[EMAIL PROTECTED]>
wrote:
>I ended up
>+allocating 1 GB of RAM to just connection tracking. In fact you need 1 GB (or
>+very close to) to be able to track 65535 connections.
You don't. Maybe that's conntrack's default, but you can set it to a hi
Memory will most definitely be your problem. I think you could get away with a
fairly low end processor (read < 1 GHz) but you will need a lot of memory
depending on how much you want to do. I have a router in place that I was
running out of memory for the connection tracking sub system. I en
Hi there... i want to write some c code so as i can
read and change the configurartion from a diff serv
that has cbq tbf and htb... Pokinh around all this
time i have noticed that libnl and lql libraries are
not completely implemented so i need something else to
do my jobb. I dont know what do u wa
Hello, Mihai,
On Mon, 15 Aug 2005 23:53:38 +0300
"Mihai Vlad" <[EMAIL PROTECTED]> wrote:
> Hey guys,
>
> I am planning to buy some components for a Linux router that will
> handle the Internet access of 200 computers (includes tc shaping) and
> some inter sub-network routing (at least 100MBps pe
On Tue, Aug 16, 2005 at 06:11:26AM +0200, Daniel Frederiksen wrote:
> Ok folks, here goes..
>
> I have been boggling with a problem for the past week, and still haven't
> found a solution..
>
> I'm trying to route traffic from two providers through a Linux machine.
> But that is not the problem.
14 matches
Mail list logo
