On Thu, Jul 24, 2003 at 11:51:42AM -0500, Fuzzy Fox wrote:
> Julian Eduardo de Anquin <[EMAIL PROTECTED]> wrote:
> >
> > I'm having some troubles in my network.  I have a masquerade server,
> > to provide internet access to my lan.  Spontaneously some computers in
> > the network can't access the internet, while others can.
>
> This could indicate that your connection table is filling up.  If that
> happens, hosts that have an established connection can continue to use
> the net, but hosts trying to open new connections will fail.  Is that
> what you see?
>
> Your best source of information is the firewall itself.  Login and check
> system logs, "dmesg" output, and see if anything suspicious shows up.
>
> You can examine the connection table with
>
>    cat /proc/net/ip_conntrack
>
> You can just get a count of how many connections there are with
>
>    cat /proc/net/ip_conntrack | wc -l
>
> If the table is huge, you would need to examine it by hand to see what
> hosts and IP's are causing all the connections.

IIRC, the maximum number of connections is also set to a default value
based on the available memory in the system.  To see what it's set to:

   cat /proc/sys/net/ipv4/ip_conntrack_max

Which in my case is currently 30712 on my main firewall, 1024 on an old
486 I used to use, and 4096 on another firewall I maintain.  The new
system has significantly more memory than both the others (512 vs 64 &
16).

You can also increase this by echoing a larger number into it:

   echo "4096" > /proc/sys/net/ipv4/ip_conntrack_max

However be aware that doing so will increase the memory used.

-- 
Jamin W. Collins

Linux is not The Answer. Yes is the answer. Linux is The Question. - Neo
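Added example, not part of the original thread: a shell sketch of the "examine it by hand" step, counting conntrack entries per originating LAN host and reporting how full the table is against ip_conntrack_max. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the /proc/net/ip_conntrack line layout (not real traffic).
sample_conntrack() {
cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=1025 dport=80 src=203.0.113.5 dst=198.51.100.1 sport=80 dport=1025 [ASSURED] use=1
udp      17 25 src=192.168.1.11 dst=203.0.113.53 sport=1030 dport=53 src=203.0.113.53 dst=198.51.100.1 sport=53 dport=1030 use=1
tcp      6 110 SYN_SENT src=192.168.1.23 dst=203.0.113.60 sport=3001 dport=80 [UNREPLIED] src=203.0.113.60 dst=198.51.100.1 sport=80 dport=3001 use=1
tcp      6 111 SYN_SENT src=192.168.1.23 dst=203.0.113.61 sport=3002 dport=80 [UNREPLIED] src=203.0.113.61 dst=198.51.100.1 sport=80 dport=3002 use=1
tcp      6 112 SYN_SENT src=192.168.1.23 dst=203.0.113.62 sport=3003 dport=80 [UNREPLIED] src=203.0.113.62 dst=198.51.100.1 sport=80 dport=3003 use=1
tcp      6 113 SYN_SENT src=192.168.1.23 dst=203.0.113.63 sport=3004 dport=80 [UNREPLIED] src=203.0.113.63 dst=198.51.100.1 sport=80 dport=3004 use=1
EOF
}

# Read conntrack lines on stdin; print "count host", busiest host first.
# Only the first src= on each line is counted: it is the original
# (pre-masquerade) sender. The second src= belongs to the reply tuple.
conntrack_by_source() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^src=/) { count[substr($i, 5)]++; break }
    }
    END { for (h in count) print count[h], h }' | sort -k1,1nr -k2,2
}

# Read conntrack lines on stdin; $1 is the table limit.
# Prints the percentage of the table in use (integer, truncated).
conntrack_pct_used() {
    awk -v max="$1" 'END { printf "%d\n", NR * 100 / max }'
}

# Demo on the constructed sample (limit of 8 chosen only for the demo).
sample_conntrack | conntrack_by_source
echo "table $(sample_conntrack | conntrack_pct_used 8)% full"

# On the firewall itself the same functions take the live files:
#   conntrack_by_source < /proc/net/ip_conntrack | head
#   conntrack_pct_used "$(cat /proc/sys/net/ipv4/ip_conntrack_max)" \
#       < /proc/net/ip_conntrack
```

A host that holds most of the table, especially with many [UNREPLIED] entries, is the one to look at before raising ip_conntrack_max.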
