Daniel Boyd wrote:
> Q: I know that a hard limit of 4096 ports are available for masquerading "out
> of the box". What is the practical limit that I can adjust this to allow for
> more than the standard 4096 ports? I have, based on numbers gleaned from my
> current NAT server (SonicWall Pro) that I have in excess of 6000 simultaneous
> connections (not users) at peak times. Is this do-able with my Linux box
> (Mandrake 7.2, kernel 2.2.17secure, Athlon Thunderbird 900MHz, 256MB RAM,
> 100Mbit/s Ethernet cards (3Com 3C905C's))?
first thing to note is that 4096 outgoing ports does not equate to 4096
masqueraded connections. a tcp/udp "connection" is a 5-tuple:
(src ip, src port, protocol: tcp or udp, dst ip, dst port)
so those 4096 ports can be reused many times provided that the dst ip or
dst port differ. this means that 4096 masquerading ports can service many
tens of thousands (or more?) masqueraded connections.
what you need is definitely doable with the machine you describe.
however, if your needs were to increase dramatically, you can change
the port range used for masquerading by tweaking:
/proc/sys/net/ipv4/ip_local_port_range
which contains: low end of port range, tab character, high end of port range.
so the following command (in bash) will set the masq port range to 1024:8192
echo -e "1024\t8192" > /proc/sys/net/ipv4/ip_local_port_range
raf
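The port-reuse argument above, as an added model (not code from raf's reply or from the masquerading code itself): a toy allocator that hands out external ports keyed on the (proto, dst ip, dst port) side of the 5-tuple, fed with a constructed 8-port range and 100 constructed client connections, so the difference between "ports" and "connections" is visible.

```python
from dataclasses import dataclass, field

@dataclass
class MasqTable:
    """Toy masquerade port allocator keyed on the connection 5-tuple."""
    low: int
    high: int                                    # inclusive upper bound
    # (proto, dst_ip, dst_port) -> external ports already in use towards it
    used: dict = field(default_factory=dict)
    mapping: dict = field(default_factory=dict)  # 5-tuple -> external port

    def allocate(self, proto, src_ip, src_port, dst_ip, dst_port):
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key in self.mapping:                  # already-masqueraded connection
            return self.mapping[key]
        taken = self.used.setdefault((proto, dst_ip, dst_port), set())
        # An external port can be reused as long as the remote side differs:
        # replies are still told apart by (proto, dst ip, dst port).
        for port in range(self.low, self.high + 1):
            if port not in taken:
                taken.add(port)
                self.mapping[key] = port
                return port
        raise RuntimeError("masq ports exhausted towards %s:%d" % (dst_ip, dst_port))

def parse_port_range(text):
    """Parse the 'low<TAB>high' contents of ip_local_port_range."""
    low, high = (int(x) for x in text.split())
    if not 0 < low <= high <= 65535:
        raise ValueError("bad port range %r" % text)
    return low, high

def count_accepted(range_text, connections):
    """Return how many of the given 5-tuples fit before the range runs out."""
    table = MasqTable(*parse_port_range(range_text))
    accepted = 0
    for conn in connections:
        try:
            table.allocate(*conn)
        except RuntimeError:
            break
        accepted += 1
    return accepted

# Constructed inputs: an 8-port range and 100 internal hosts, one TCP connection each.
SMALL_RANGE = "1000\t1007"
MANY_DESTINATIONS = [("tcp", "10.0.0.%d" % i, 40000 + i, "192.0.2.%d" % i, 80) for i in range(1, 101)]
ONE_DESTINATION = [("tcp", "10.0.0.%d" % i, 40000 + i, "192.0.2.1", 80) for i in range(1, 101)]

if __name__ == "__main__":
    print(count_accepted(SMALL_RANGE, MANY_DESTINATIONS))  # 100: destinations all differ
    print(count_accepted(SMALL_RANGE, ONE_DESTINATION))    # 8: same destination, ports run out
```

The second case is the one that actually hits the range limit: many clients talking to one remote ip:port, which is why the range size matters far less than the raw connection count suggests.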
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ --
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.