> On Wednesday 06 November 2002 9:57 pm, Luis Fernando Barrera wrote:
>
>> My output is the following:
>>
>> (right now everything is working)
>>
>> # wc -l /proc/net/ip_conntrack
>> 156 /proc/net/ip_conntrack
>> # cat /proc/sys/net/ipv4/ip_conntrack_max
>> 65424
>>
>> My box has 1GB RAM.
>
> Okay, so this means you have 156 connections being tracked through your
> firewall (seems a perfectly reasonable number for 200 users), with
> capacity for up to 65424 connections before the box gets overloaded.
>
> If you ever got more than 65424 connections from 200 users it would
> indicate a serious problem (eg Nimda on the machines...) - I would
> never expect that to happen.

Never heard of CounterStrike? Only takes a few users to do a 'get server
list' at the same time to fill a conntrack table that size.

Is the maximum you can set the limit really only about 65535? I'd hope it
isn't that short-sighted as a well known fool in the past ... Bill Gates
640K :-)

--
-Cheers
-Andrew

MS ... if only he hadn't been hang gliding!
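
An added example, not part of any message in this thread: the check discussed above in Python, comparing the tracked-entry count with ip_conntrack_max and reporting which source addresses hold most of the table. The sample lines are constructed in the 2.4-kernel /proc/net/ip_conntrack layout; the function name, the addresses and the 0.5 share threshold are assumptions.

```python
import re
from collections import Counter

def _sample():
    """Constructed sample lines (not taken from the thread)."""
    lines = [
        "tcp      6 431990 ESTABLISHED src=192.168.0.11 dst=203.0.113.5 sport=1031 dport=80 "
        "src=203.0.113.5 dst=198.51.100.1 sport=80 dport=1031 [ASSURED] use=1",
        "udp      17 25 src=192.168.0.12 dst=203.0.113.53 sport=1040 dport=53 "
        "src=203.0.113.53 dst=198.51.100.1 sport=53 dport=1040 use=1",
    ]
    # One client querying many game servers at once: one unreplied UDP entry each.
    for i in range(1, 9):
        lines.append(
            f"udp      17 28 src=192.168.0.77 dst=203.0.113.{100 + i} sport=27005 dport=27015 "
            f"[UNREPLIED] src=203.0.113.{100 + i} dst=198.51.100.1 sport=27015 dport=27005 use=1")
    return lines

SAMPLE = _sample()
SRC = re.compile(r"\bsrc=(\S+)")

def conntrack_report(lines, conntrack_max, share=0.5):
    """Summarise table use: fill ratio, unreplied count, sources holding > share of entries."""
    per_src, unreplied, total = Counter(), 0, 0
    for line in lines:
        m = SRC.search(line)      # first src= is the original (client) direction
        if not m:
            continue              # skip blank or malformed lines
        total += 1
        per_src[m.group(1)] += 1
        unreplied += "[UNREPLIED]" in line
    heavy = {ip: n for ip, n in per_src.items() if total and n / total > share}
    return {"entries": total, "fill": total / conntrack_max,
            "unreplied": unreplied, "heavy_sources": heavy}

if __name__ == "__main__":
    # On a live box, pass open("/proc/net/ip_conntrack") and the value read from
    # /proc/sys/net/ipv4/ip_conntrack_max instead of the constructed sample.
    print(conntrack_report(SAMPLE, 65424))
```

A fill ratio that climbs while most entries are [UNREPLIED] and belong to a handful of sources points at bursty client traffic rather than ordinary load from all users.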