On 12/01/02 at 10:28 AM mukund spake thusly: >I have recently implemented transparent proxy on a PIII 1GB RAM, 3x20 GB >SCSI disk for DOT. >The squid is running quite well and catering to 300 active user with total >bandwidth of 3.5 MBPS. >When the load increases to about 4 MBPS, the kernel gives the message that >Iptables are full and starts dropping packets. >1. Is it due to system ram? >2. OR I need to tweak the iptables. >The iptables are used to divert the traffic from port 80 to post 3128 >
Hi It might be that Squid is establishing a lot of NAT connections and keeping then open even after they have been serviced. See teh output of cat /proc/net/ip_conntrack, if it is a large file, or it shows many connections as "established" when they should have been dropped, it'll make sense to increase teh value of ip_conntrack_max in /proc/sys/net/ipv4/ip_conntrack_max. Rgds -- ------------------------------------------------------- This SF.net email is sponsored by: Get the new Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
