Hi all,

I just noticed that the 2.4 kernel shipped with Bering does add a conntrack entry for each routed connection. Please note that I really mean plain routing, NOT NAT/MASQ'ing.

This router is a 21-port (100Mbit) with ~200 clients. This router is NOT going to be used to connect these ~200 clients (which are distributed over the 21 interfaces) to the internet! It doesn't do *any* masqing/NATing, it only does plain ethernet to ethernet routing. This router is not *yet* in productive application.
Now my question: As I described above, the 2.4 kernel seems to add an entry to /proc/net/ip_conntrack for each connection running over the router (e.g. if a client on eth1 wants to talk with a server on eth5). /proc/sys/net/ipv4/ip_conntrack_max is currently set to 32768 (I didn't do anything, seems to be an auto-value).

May I run into problems with this setup if each of these 200 clients is gonna talk with our servers? What does the value 32768 mean? Max. size of the conntrack table in bytes? Max. # of entries in the table?

Is there a way to disable conntracking but still use iptables commands to restrict traffic between the interfaces? Or is the value 32768 big enough anyway? Google says that I may increase this value according to the amount of memory installed in the router. The router got 512MB RAM...

Any ideas?

Thank you for your answer.

So long
--
Sandro Minola | LEAF Developer (http://leaf.sourceforge.net)
mailto:[EMAIL PROTECTED] | mailto:[EMAIL PROTECTED]
http://www.minola.ch | http://leaf.sourceforge.net/devel/sminola

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html