You don't. Maybe that's conntrack's default, but you can set it to a higher number manually. The required memory is approx 400b per connection (depends on iptables/kernel compile time options). The rather conservative default (hashsize = 1/16384th of RAM) is for a generic system. For more info look at ip_conntrack_core.c. 65535 connections need about 25MB in RAM, so before starting iptables, do modprobe ip_conntrack hashsize=8192 (conntrack_max is auto-set to 8*hashsize, this is the recommended relation). In fact my distro Shurdix automatically sets up larger hashsize than the default, depending on system memory.
Hmm, I did not have much time to solve this problem at the time and documentation was hard to come by at the time and what I did find was old. Alas, I was not subscribed to this list to ask for help either. Note things have changed since then. :)
While a redundant system is indeed a good idea, I recommend making sure the router is rock stable. This doesn't necessarily require high-end / fast hardware; it is recommended to stress test it before going live (memtest/cpuburn/whatever). My tip is not to use "primitive" network cards like those based on rtl8139 when you require high bandwidth. This has the most noticeable impact on performance. I have ok experience with 3com's, I've heard intels are even better.
I would agree to both points. I have had good luck with the rtl8139s on Cable / DSL and T1 routers but I would want something better (3C905x cards) for a much higher bandwidth installation. The redundant (identical) system is for those cases where the cleaning crew and / or momma nature and / or Mr Murphy have their way with your box. We have all had it happen (or will) in some way or another at some time. It is not "if" a box will fail in some way, but rather "when". The failure may not be anything you could prevent. I think the storms in Florida this year are a good example of that.

Grant. . . .