Re: ip_conntrack_max - Fallucchi Antonio

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Fallucchi Antonio <fallucch@cisbic.com>
To: netfilter@lists.netfilter.org
Subject: Re: ip_conntrack_max
Date: Thu, 08 Jul 2004 15:13:09 +0200	[thread overview]
Message-ID: <40ED4865.7020208@cisbic.com> (raw)
In-Reply-To: <200407081152.42618.Antony@Soft-Solutions.co.uk>

Antony Stone wrote:


oh!, excuse me for the html!

>128Mbytes should be enough for a few thousand connections.   As for how many 
>do you need, a starting point is:
>
>1. How any client computers do you have in your LAN accessing the Internet 
>through the firewall? (allow a maximum of 10 connections per PC at any given 
>time - this will be an overestimate, but not by a ridiculous factor).
>
>2. Do you run any servers on your DMZ accessible from the Internet?   Mail 
>servers, web servers, and name servers will all generate different volumes of 
>connections, but if you allow 50-100 connections per server, again that 
>should be a worthwhile estimate.
>
>  
>
very well, thancks.  I have 20 computer in the lan and 5 server.

Another questions: how I can limit the number of connection for every 
computer?

>In that case something is wrong with your system.   626 connections is hardly 
>anything - I do not see how you can be running out of conntrack table entries 
>with only 626 current connections.
>
>What is the value in /proc/sys/net/ipv4/ip_conntrack_max ?
>
>  
>
ip_conntrack_max now is 10240.


bye
Antonio!

next prev parent reply	other threads:[~2004-07-08 13:13 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-07-08  9:38 ip_conntrack_max Fallucchi Antonio
2004-07-08  9:56 ` ip_conntrack_max Antony Stone
2004-07-08 10:31   ` ip_conntrack_max Fallucchi Antonio
2004-07-08 10:52     ` ip_conntrack_max Antony Stone
2004-07-08 13:13       ` Fallucchi Antonio [this message]
2004-07-08 13:29         ` ip_conntrack_max Antony Stone
2004-07-08 17:02           ` ip_conntrack_max Fallucchi Antonio
2004-07-08 17:21           ` ip_conntrack_max Fallucchi Antonio
2004-07-08 17:42             ` ip_conntrack_max Antony Stone
2004-07-08 15:28         ` ip_conntrack_max James Sneeringer
2004-07-08  9:56 ` ip_conntrack_max Evgeni Vachkov
  -- strict thread matches above, loose matches on Subject: below --
2004-07-08  9:34 ip_conntrack_max Fallucchi Antonio
2003-02-13 19:04 ip_conntrack_max homsher

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=40ED4865.7020208@cisbic.com \
    --to=fallucch@cisbic.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.