From: "Walter D. Wyndroski" <wdwrn@friendlycity.net>
To: lartc@vger.kernel.org
Subject: Re: Re[2]: [LARTC] Connection Tracking - How Many???
Date: Fri, 26 Sep 2003 21:10:13 +0000 [thread overview]
Message-ID: <marc-lartc-106461090523616@msgid-missing> (raw)
In-Reply-To: <marc-lartc-106459768708009@msgid-missing>
From the documentation links on www.netfilter.org -->
http://iptables-tutorial.frozentux.net/iptables-tutorial.html
How many connections that the connection tracking table can hold depends
upon a variable that can be set through the ip-sysctl functions in recent
kernels. The default value held by this entry varies heavily depending on
how much memory you have. On 128 MB of RAM you will get 8192 possible
entries, and at 256 MB of RAM, you will get 16376 entries. You can read and
set your settings through the /proc/sys/net/ipv4/ip_conntrack_max setting.
Walt
----- Original Message -----
From: "Peteris Krumins" <newsgroups@lf.lv>
To: "Walter D. Wyndroski" <wdwrn@friendlycity.net>
Cc: <lartc@mailman.ds9a.nl>
Sent: Friday, September 26, 2003 1:32 PM
Subject: Re[2]: [LARTC] Connection Tracking - How Many???
> Thursday, September 25, 2003, 10:35:39 PM, you wrote:
>
> WDW> Sorry, I must have missed it when reading the netfilter howto. I
> WDW> found it later when reading through it again: approx 32,000
connections
> WDW> per 512 megs of ram.
>
> Wrong.
> 1 conntrack entry = 292 Bytes.
> 512*1024 = 524800 KiloBytes
> 524800*1024 = 537395200 Bytes
>
> 537395200 / 292 = 1840394 connections.
>
> Of course this would simply kill the cpu.
> I am doing 35000 connection trackings at the moment at
> aprox. less than 80mb of ram on 266Mhz PII..
>
>
> P.Krumins
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>
****************************************************************************
******************
> * This message has been scanned by CityNET's email scanner for viruses and
dangerous content *
> * and is believed to be clean. CityNET is proud to use MailScanner. For
more information *
> * concerning MailScanner, visit http://www.mailscanner.info
*
>
****************************************************************************
******************
>
**********************************************************************************************
* This message has been scanned by CityNET's email scanner for viruses and dangerous content *
* and is believed to be clean. CityNET is proud to use MailScanner. For more information *
* concerning MailScanner, visit http://www.mailscanner.info *
**********************************************************************************************
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
next prev parent reply other threads:[~2003-09-26 21:10 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-09-26 17:32 Re[2]: [LARTC] Connection Tracking - How Many??? Peteris Krumins
2003-09-26 18:11 ` Daniel Chemko
2003-09-26 21:10 ` Walter D. Wyndroski [this message]
2003-09-29 19:23 ` Damjan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-106461090523616@msgid-missing \
--to=wdwrn@friendlycity.net \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.