please help - iptables drops tcp/ip connections

please help - iptables drops tcp/ip connections

[mohan]

Hi
Please advice, I am running a iptables 1.2.11 on Debian Woody with 2.4.24
kernel. I have a DMZ with 7 machines (4 linux, 3 windows) and 80 Windows
machines on the LAN side.

The windows machines makes a lot of tcp/ip connections with internal
client machines (oracle and java). As certain time (around 4000
simultaneous TCP/IP connections) the machine running iptables drops
connections and failures occur.

Are there any kernel or iptables setting required to be set for such a
large number of connections???
Please advice

Thanks
Mohan

Re: please help - iptables drops tcp/ip connections

[George Alexandru Dragoi]

server:~# cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
12288

This is on a machine with 192M RAM, the default of that sysctl value
is proportionalwith the amount of RAM, but it can be changed, afaik
every ip_conntrack entry (/proc/net/ip_conntrack) needs arround
300bytes from RAM.


On Wed, 15 Sep 2004 22:31:24 +0600 (LKT), mohan@roomsnet.com
<mohan@roomsnet.com> wrote:
> Hi
> Please advice, I am running a iptables 1.2.11 on Debian Woody with 2.4.24
> kernel. I have a DMZ with 7 machines (4 linux, 3 windows) and 80 Windows
> machines on the LAN side.
> 
> The windows machines makes a lot of tcp/ip connections with internal
> client machines (oracle and java). As certain time (around 4000
> simultaneous TCP/IP connections) the machine running iptables drops
> connections and failures occur.
> 
> Are there any kernel or iptables setting required to be set for such a
> large number of connections???
> Please advice
> 
> Thanks
> Mohan
> 
> 



-- 
Bla bla