Hi

Thanks ... But tell me ... do I really need ip_conntrack?
What would happen if I remove it permanently ... how will this affect my IP Table rule ...

I've only got one rule, e.g.:

    iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.22.33:3128

------------------------------------------------------------
On Mon, 27 Oct 2003 16:09:14 -0400
NightHawk <nighthawk@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:

> Warren,
> I would only raise the value in /proc/net/ip_conntrack a little bit at a
> time till you find the lowest number that works for your situation. Once you
> have everything under control, the number shouldn't have to be too high, at
> least this has been my experience. I only raise the number when having a
> "situation", and then lower it back down once things are calmed down.
>
> And yes, I did mean to rmmod ip_conntrack, when I mentioned dropping
> ip_conntrack. Although, this tends to require dropping a few other modules
> as well, and also tends to require stopping iptables while you do so (due to
> some of the modules that you have to remove). Which is why it is not the
> best solution for all situations....
>
> NH
>
> On Monday 27 October 2003 2:52 pm, Warren P wrote:
> > hi
> >
> > WRT echo ## > /proc/net/ip_conntrack
> >
> > Considering I've got 1gig of RAM ... what is a safe value I
> > can set ip_conntrack_max to? The current value is 65528
> >
> > Also when you refer to dropping ip_conntrack ... do you mean
> > like rmmod ip_conntrack.o?
> >
> > Regards,
> > Warren P
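
Added example, not part of either post: netfilter keeps NAT mappings in the connection-tracking table, so flows matched by a DNAT rule like the one above appear as entries whose reply tuple differs from the original destination. The sketch below summarises a table in the /proc/net/ip_conntrack line format against a maximum; the sample entries, their addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the /proc/net/ip_conntrack line format.
# The first two flows were sent to port 80 and answered by 192.168.22.33:3128.
sample_table() {
cat <<'EOF'
tcp      6 431990 ESTABLISHED src=10.0.0.5 dst=203.0.113.7 sport=40112 dport=80 src=192.168.22.33 dst=10.0.0.5 sport=3128 dport=40112 [ASSURED] use=1
tcp      6 112 TIME_WAIT src=10.0.0.6 dst=203.0.113.9 sport=40200 dport=80 src=192.168.22.33 dst=10.0.0.6 sport=3128 dport=40200 [ASSURED] use=1
tcp      6 431800 ESTABLISHED src=10.0.0.5 dst=192.168.22.1 sport=40300 dport=22 src=192.168.22.1 dst=10.0.0.5 sport=22 dport=40300 [ASSURED] use=1
udp      17 25 src=10.0.0.7 dst=10.0.0.1 sport=5353 dport=53 src=10.0.0.1 dst=10.0.0.7 sport=53 dport=5353 use=1
EOF
}

# conntrack_summary TABLE_FILE MAX
# Prints: "<entries> <destination-rewritten entries> <percent of MAX in use>".
# TABLE_FILE may be "-" for stdin. On a live system of that era the table is
# /proc/net/ip_conntrack and MAX is the ip_conntrack_max value from the thread.
conntrack_summary() {
    awk -v max="$2" '
    {
        n_src = n_dst = n_sp = n_dp = 0
        # Each entry carries two tuples: original direction, then reply.
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "src")   src[++n_src] = kv[2]
            if (kv[1] == "dst")   dst[++n_dst] = kv[2]
            if (kv[1] == "sport") sp[++n_sp]   = kv[2]
            if (kv[1] == "dport") dp[++n_dp]   = kv[2]
        }
        total++
        # Without NAT the reply comes from the original destination.
        # A different reply source address or port means it was rewritten.
        rewritten = 0
        if (n_src == 2 && dst[1] != src[2]) rewritten = 1
        if (n_sp == 2 && dp[1] != sp[2])   rewritten = 1
        if (rewritten) dnat++
    }
    END {
        pct = (max > 0) ? int(total * 100 / max) : 0
        printf "%d %d %d\n", total, dnat, pct
    }' "$1"
}

# Run on the constructed sample with the current maximum quoted in the thread.
set -- $(sample_table | conntrack_summary - 65528)
echo "entries=$1 dst_rewritten=$2 table_use=$3%"
```

Watching the entry count against the maximum while traffic is normal gives a baseline for the "lowest number that works" approach described in the quoted reply.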