On 21 Dec 2000 08:14:58 -0500, Daniel Boyd wrote:
> Q: I know that a hard limit of 4096 ports is available for masquerading "out
> of the box". What is the practical limit that I can adjust this to allow for
> more than the standard 4096 ports? I have, based on numbers gleaned from my
> current NAT server (SonicWall Pro) that I have in excess of 6000 simultaneous
> connections (not users) at peak times. Is this do-able with my Linux box
> (Mandrake 7.2, kernel 2.2.17secure, Athlon Thunderbird 900MHz, 256MB RAM,
> 100Mbit/s Ethernet cards (3Com 3C905C's))?
Heh, small system. :) I host a system with a mere 600 nodes, and we
build up a lot more connections than that with the default timeouts.
4096 isn't very many connections, even for a moderately sized network.
Anyway, to get around this, you've got two options. First, you can get
into the source code, and change which ports it's using for dynamic NAT.
I can't seem to find the file where this is stored, but I'm sure that
it's in the list archives, and probably in the HOWTOs somewhere. Your
other option is to use IPNAT, on some other form of Unix or Unix-like
system (*BSD, Solaris, whatever). The IPNAT software is a heck of a lot
more flexible than the software for Linux, although I'm sure it has some
disadvantages (poor documentation being the biggest one I can think of
right now). The BSD folks consider any documentation at all "great",
whereas those of us who've used the IP-MASQ HOWTO know exactly what
Great documentation looks like.
Greg