> Hi,
>
> We have a theory about the cause of your problem; when a connection is
<snip>
> There must be others who use netfilter in a production environment like
> yours. Anyone on netfilter-devel have experiences with this high
> connection load? or does anyone have another solution to this problem?
> Maybe you could just recompile with a higher limit.
>
> If you use our patch we would be very interested in hearing about your
> experiences (or any bugs) or any other solutions you may find.
>
> Regards,
> Mikkel, Torben, Carsten
> On Mon, 22 Apr 2002, zheng wrote:
>
>> we use linux 2.4 as a firewall. the machine has 128M memory and we have
>> about 200 people behind the firewall. we met some problem. sometimes
>> the firewall costs up its resources and goes down. i checked with 'top'
>> and found that the memory is used up. the file /proc/net/ip_conntrack
>> records all the connections, and it grows fast. i think this may be
>> the problem.
>> how to solve the problem? to increase the memory is a solution, but
>> that will not solve all the problem. or to get rid of ip_conntrack when
>> compile the kernel? but we have to use nat.
>> anyone have some good idea on it? thanks for help.
>>
>> zheng chuanbo

Actually, if you have ANY clients who play FPS (First Person Shooter) games like QuakeIII, Tribes2, CounterStrike (probably the current most popular such games) then when the client starts an Internet game, it will open thousands of connections in a VERY short time period.

It does ping and server status checks on every server it is told about - this is anywhere from 500 servers in T2 to almost 20,000 servers in CS.

CounterStrike will do process 10,000 and 20,000 servers in less than 10 minutes on a 512K ADSL connection (it uses the most).

You will find that this is VERY commonly a problem for anyone who uses a Linux box as a router and plays FPS's (or even worse if you have a number of such users in this sort of setup).

I certainly thought the patch was a great idea!

Now to find time to upgrade my router beyond a 2.2 kernel :-)

--
-Cheers
-Andrew

MS ... if only he hadn't been hang gliding!
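
An added example, not part of the original thread: a small Python script that summarizes `/proc/net/ip_conntrack` by original source address and protocol, so an administrator can see which client behind the firewall is filling the table. It assumes the 2.4-era text layout of that file; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the 2.4-era /proc/net/ip_conntrack layout (not captured data).
SAMPLE = """\
udp      17 25 src=192.168.1.23 dst=203.0.113.10 sport=1031 dport=27015 [UNREPLIED] src=203.0.113.10 dst=198.51.100.2 sport=27015 dport=1031 use=1
udp      17 27 src=192.168.1.23 dst=203.0.113.11 sport=1032 dport=27015 [UNREPLIED] src=203.0.113.11 dst=198.51.100.2 sport=27015 dport=1032 use=1
udp      17 170 src=192.168.1.23 dst=203.0.113.12 sport=1033 dport=27015 src=203.0.113.12 dst=198.51.100.2 sport=27015 dport=1033 [ASSURED] use=1
tcp      6 431990 ESTABLISHED src=192.168.1.40 dst=203.0.113.80 sport=3411 dport=80 src=203.0.113.80 dst=198.51.100.2 sport=80 dport=3411 [ASSURED] use=1
"""

# The first src= on a line is the original (pre-NAT) direction, i.e. the inside client.
FIRST_SRC = re.compile(r"\bsrc=(\S+)")


def summarize(text):
    """Count entries per (original source, protocol) and how many are [UNREPLIED]."""
    totals, unreplied = Counter(), Counter()
    for line in text.splitlines():
        fields = line.split()
        match = FIRST_SRC.search(line)
        if len(fields) < 4 or match is None:
            continue  # skip blank or malformed lines
        key = (match.group(1), fields[0])
        totals[key] += 1
        if "[UNREPLIED]" in fields:
            unreplied[key] += 1
    return totals, unreplied


def top_talkers(text, n=5):
    """Return (source, protocol, entries, unreplied) tuples, largest first."""
    totals, unreplied = summarize(text)
    return [(src, proto, count, unreplied[(src, proto)])
            for (src, proto), count in totals.most_common(n)]


if __name__ == "__main__":
    import sys
    # Pass /proc/net/ip_conntrack as the argument on the firewall; otherwise use the sample.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for src, proto, count, unrep in top_talkers(data):
        print(f"{src:15} {proto:4} entries={count:6} unreplied={unrep}")
```

A single inside address holding a large share of UDP entries, most of them `[UNREPLIED]`, matches the game server-browser pattern described above.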