we use linux 2.4 as a firewall.the machine has 128M memory and we have about 200 people behind the firewall. we met some problem.sometimes the firewall costs up its resources and goes down.i checked with 'top' and found that the memory is used up. the file /proc/net/ip_conntrack records all the connnections,and it grows fast. i think this may be the problem. how to solve the problem? to increase the memory is a solution,but that will not solve all the problem.or to get rid of ip_conntrack when compile the kernel? but we have to use nat. anyone have some good idea on it?thanks for help.
zheng chuanbo _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
