-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Warren, I would only raise the value in /proc/net/ip_conntrack a little bit at a time till you find the lowest number that works for your situation. Once you have everything under control, the number shouldn't have to be too high, at least this has been my experience. I only raise the number when having a "situation", and then lower it back down once things are calmed down. And yes, I did mean to rmmod ip_conntack, when I mentioned dropping ip_conntrack. Although, this tends to require dropping a few other modules as well, and also tends to require stopping iptables while you do so. (due to some of the modules that you have to remove.) Which is why it is not the best solution for all situations.... NH On Monday 27 October 2003 2:52 pm, Warren P wrote: > hi > > WRT echo ## > /proc/net/ip_conntrack > > Considering i've got 1gig of RAM ... what is a safe value i > can set ip_conntrack_max to? The current value is 65528 > > Also when you refer to dropping ip_conntrack ... do mean > like rmmod ip_conntrack.o? > > Regards, > Warren P > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE/nXtqb58ZIoF+byQRAgbWAKCOgeguwsDsDnvsH/8MHx5BTwKuSQCffJ+t fcgUdKA6Npi/VyhejhJegOE= =Th5c -----END PGP SIGNATURE-----