Antony Stone wrote:
oh!, excuse me for the html!
128Mbytes should be enough for a few thousand connections. As for how many do you need, a starting point is:
1. How any client computers do you have in your LAN accessing the Internet through the firewall? (allow a maximum of 10 connections per PC at any given time - this will be an overestimate, but not by a ridiculous factor).
2. Do you run any servers on your DMZ accessible from the Internet? Mail servers, web servers, and name servers will all generate different volumes of connections, but if you allow 50-100 connections per server, again that should be a worthwhile estimate.
very well, thancks. I have 20 computer in the lan and 5 server.
Another questions: how I can limit the number of connection for every computer?
In that case something is wrong with your system. 626 connections is hardly anything - I do not see how you can be running out of conntrack table entries with only 626 current connections.
What is the value in /proc/sys/net/ipv4/ip_conntrack_max ?
ip_conntrack_max now is 10240.
bye Antonio!