zheng wrote:
> We use Linux 2.4 as a firewall. The machine has 128M memory and we have about 200
> people behind the firewall. We ran into a problem. Sometimes the firewall uses up its
> resources and goes down. I checked with 'top' and found that the memory is used up.
> The file /proc/net/ip_conntrack records all the connections, and it grows fast. I
> think this may be the problem.
> How to solve the problem? Increasing the memory is a solution, but that will not
> solve the whole problem. Or get rid of ip_conntrack when compiling the kernel? But we
> have to use NAT.
> Does anyone have a good idea about it? Thanks for the help.

Is it a smart thing to activate connection tracking when you have to handle so many connections? In other words: do you really need the connection tracking part for this firewall?

--
Emmanuel

The scientific theory I like best is that the rings of Saturn are composed entirely of lost airline luggage.
-- Mark Russell
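
To see what is actually filling /proc/net/ip_conntrack before deciding whether to drop connection tracking, the table can be summarised by protocol/state and by internal source address. This is an added example, not part of the original thread; the function names are hypothetical, the field layout is the assumed 2.4 text format, and the sample lines and addresses are constructed.

```shell
#!/bin/sh
# Summarise a conntrack table in the Linux 2.4 /proc/net/ip_conntrack text format.
# Assumed field layout:
#   proto protonum timeout [TCP-STATE] src= dst= sport= dport= [flags] src= ... use=N

# Constructed sample lines (not captured from a real firewall).
sample_table() {
cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=1025 dport=80 src=203.0.113.5 dst=198.51.100.1 sport=80 dport=1025 [ASSURED] use=1
tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=203.0.113.9 sport=1026 dport=443 src=203.0.113.9 dst=198.51.100.1 sport=443 dport=1026 [ASSURED] use=1
tcp      6 112 TIME_WAIT src=192.168.1.10 dst=203.0.113.5 sport=1027 dport=80 src=203.0.113.5 dst=198.51.100.1 sport=80 dport=1027 [ASSURED] use=1
tcp      6 110 SYN_SENT src=192.168.1.23 dst=203.0.113.77 sport=1040 dport=25 [UNREPLIED] src=203.0.113.77 dst=198.51.100.1 sport=25 dport=1040 use=1
udp      17 27 src=192.168.1.23 dst=203.0.113.53 sport=1030 dport=53 [UNREPLIED] src=203.0.113.53 dst=198.51.100.1 sport=53 dport=1030 use=1
udp      17 170 src=192.168.1.42 dst=203.0.113.53 sport=1031 dport=53 src=203.0.113.53 dst=198.51.100.1 sport=53 dport=1031 [ASSURED] use=1
EOF
}

# Entries per protocol; TCP entries are further split by state (4th field).
by_state() {
    awk '{ key = ($1 == "tcp") ? ($1 " " $4) : $1; n[key]++ }
         END { for (k in n) print n[k], k }' |
        sort -k1,1nr -k2
}

# Entries per original-direction source (the first src= field on each line).
by_source() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^src=/) { n[substr($i, 5)]++; break } }
         END { for (s in n) print n[s], s }' |
        sort -k1,1nr -k2
}

# With no argument the constructed sample is used; on the firewall, pass
# /proc/net/ip_conntrack as the first argument.
read_table() { if [ -n "${1:-}" ]; then cat "$1"; else sample_table; fi; }

echo "entries: $(read_table "$@" | awk 'END { print NR }')"
read_table "$@" | by_state
read_table "$@" | by_source | head -n 5

# On a 2.4 kernel the table limit is exposed here; skipped where it does not exist.
MAX=/proc/sys/net/ipv4/ip_conntrack_max
if [ -r "$MAX" ]; then
    echo "ip_conntrack_max: $(cat "$MAX")"
fi
```

A table dominated by UNREPLIED or SYN_SENT entries from one or two internal addresses points at specific hosts rather than at normal load from 200 users.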