On 12/01/02 at 01:22 PM Zuhair Husain spake thusly:

>what is the max allowable value for ip_conntrack_max. ??
>
>> >Iptables are full and starts dropping packets.
>> >1. Is it due to system ram?
>> >2. OR I need to tweak the iptables.
>> >The iptables are used to divert the traffic from port 80 to port 3128
>>
>> It might be that Squid is establishing a lot of NAT connections and keeping
>> them open even after they have been serviced. See the output of cat
>> /proc/net/ip_conntrack, if it is a large file, or it shows many connections
>> as "established" when they should have been dropped, it'll make sense to
>> increase the value of ip_conntrack_max in
>> /proc/sys/net/ipv4/ip_conntrack_max.

There is no clear answer to this. Please read up the FAQ.....it suggests the values for conntrack_max depending on the RAM you have.....I don't recall TOM, but with 1gig of RAM, it should be 65536....still, you better check up the faq..

rgds
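
The check suggested in the thread above, as an added example that is not part of the original messages: it summarises a conntrack table in the /proc/net/ip_conntrack line format by TCP state, reports how full the table is against ip_conntrack_max, and counts ESTABLISHED entries that have been idle for a long time. The sample lines are constructed, the function names are hypothetical, and 432000 seconds (5 days, the ip_conntrack default) is assumed as the ESTABLISHED timeout.

```sh
#!/bin/sh
# Added example; sample data below is constructed, not captured traffic.

sample_table() {
    cat <<'EOF'
tcp      6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=1025 dport=80 src=192.0.2.1 dst=192.0.2.10 sport=3128 dport=1025 [ASSURED] use=1
tcp      6 431872 ESTABLISHED src=192.0.2.11 dst=198.51.100.6 sport=1044 dport=80 src=192.0.2.1 dst=192.0.2.11 sport=3128 dport=1044 [ASSURED] use=1
tcp      6 345600 ESTABLISHED src=192.0.2.12 dst=198.51.100.7 sport=1101 dport=80 src=192.0.2.1 dst=192.0.2.12 sport=3128 dport=1101 [ASSURED] use=1
tcp      6 112 TIME_WAIT src=192.0.2.10 dst=198.51.100.8 sport=1026 dport=80 src=192.0.2.1 dst=192.0.2.10 sport=3128 dport=1026 [ASSURED] use=1
tcp      6 54 CLOSE_WAIT src=192.0.2.13 dst=198.51.100.9 sport=1200 dport=80 src=192.0.2.1 dst=192.0.2.13 sport=3128 dport=1200 [ASSURED] use=1
udp      17 25 src=192.0.2.10 dst=198.51.100.53 sport=1030 dport=53 src=198.51.100.53 dst=192.0.2.10 sport=53 dport=1030 use=1
EOF
}

# Reads a table on stdin, prints "STATE COUNT" for each TCP state, sorted.
count_states() {
    awk '$1 == "tcp" { n[$4]++ } END { for (s in n) print s, n[s] }' | sort
}

# table_usage MAX: reads a table on stdin, prints percent of MAX in use.
table_usage() {
    awk -v max="$1" 'END { printf "%d\n", NR * 100 / max }'
}

# idle_established SECS: counts ESTABLISHED entries idle longer than SECS.
# Field 3 is the remaining timeout; idle time = assumed full timeout - field 3.
idle_established() {
    awk -v limit="$1" -v full=432000 \
        '$1 == "tcp" && $4 == "ESTABLISHED" && (full - $3) > limit { c++ }
         END { print c + 0 }'
}

# Stand-alone run: pass the table path as $1, otherwise use the sample.
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    table=$(cat "$1")
    max=$(cat /proc/sys/net/ipv4/ip_conntrack_max)
else
    table=$(sample_table)
    max=8   # constructed limit so the sample shows a nearly full table
fi
printf '%s\n' "$table" | count_states
echo "table in use: $(printf '%s\n' "$table" | table_usage "$max")% of $max"
echo "ESTABLISHED idle > 1h: $(printf '%s\n' "$table" | idle_established 3600)"
```

A high idle ESTABLISHED count alongside a table near 100% points at stale entries rather than genuine load, which is the case the thread describes.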