Hello, Was just a typografic problem !!!! El module is ip_conntrack and not ipt_conntrack ... Works well now Sébastien CRAMATTE a écrit : > Hello, > > I've tried to change ipt_conntrack hashsize and con under my debian > charge but doesn't work ! > Ive got 2876Mb available for conntrack so I've done (according to some > previous mail and this > http://www.wallfire.org/misc/netfilter_conntrack_perf.txt) > > This server running debian sarge 3.1 + 2.6.18 kernel > > CONNTRACK_MAX = 2876 * 64 = 184064 > HASHSIZE = 2876 * 8 = 23002 > > But the near power of 2 is 2^16 = 131072 ... I'm not sure that if > it better to put 184064 or 131072 ? > Seems that netfilter algorythm is more eficient with power of 2 value ? > > I can set the CONNTRACK_MAX value but not the HASHSIZE ... I've tried > add hashsize= paremeter in /etc/modules or in > /etc/modprobe.d/arch/i386 and I've done an "update-modules" ... When > reboot the server the value still 8192 ???? Any Ideas ? > > Moreover I've read somewhere that is better to augment HASHSIZE value > to 1:2 ratio ... in my case 65440 > But how can I determine the best value ? My computer is P4 Hyper > Threading 3.6 Ghz ... Might be I should put 131072 as CONNTRACK_MAX ? > This server is a bridge that only do L7 QoS (filter + o - 70 Mbits for > >> 600 customers ). >> > > # cat /etc/sysctl.conf > net.ipv4.netfilter.ip_conntrack_max = 131072 > > #cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max > 131072 > > # cat /proc/sys/net/ipv4/netfilter/ip_conntrack_buckets > 8192 > > #cat /etc/modprobe.d/arch/i386 > > alias eth0 tg3 > alias eth1 tg3 > alias eth2 e1000 > > options ipt_conntrack hashsize=65440 > > What about the patch 76_conntrack_bucket_sysctl.patch ? > Many thanks for you help > Regards > > > > > -- ZEN SOLUCIONES - Be in XForms take your "Concentré" Sébastien CRAMATTE Plaza Sandoval, 5, piso 4b 30004 Murcia - ESPAÑA Móvil : +34 627 66 52 83 Fijo : +34 968 29 29 65 E-mail : scramatte@xxxxxxxxxxxxxxxxx Site : www.zensoluciones.com Skype : scramatte Msn : scramatte@xxxxxxxxxxx Jabber: scramatte@xxxxxxxxxx -- CONCENTRÉ xml entreprise grade framework http://concentre.zensoluciones.com -- This e-mail is privileged and may contain confidential information intended only for the person(s) named above. If you receive this e-mail in error, please notify the sender immediately and delete it. E-mail and internet transmissions can't be warrant privacy, integrity or correct reception. The sender will not be liable for any damages resulting. Este mensaje va dirigido, de manera exclusiva, a su destinatario y puede contener información confidencial. En caso de haber recibido este mensaje por error, informe al emisor inmediatamente y proceda a su eliminación. El correo electrónico y las comunicaciones por medio de Internet no permiten garantizar la confidencialidad de los mensajes transmitidos, así como tampoco su integridad o su correcta de recepción. El emisor no asume responsabilidad alguna por tales circunstancias. Ce message est destiné exclusivement à son destinataire et peut contenir des informations confidentielles. En cas de réception d'un tel message par erreur, informez l'expéditeur immédiatement et procédez à son effacement. Il n'est pas possible de garantir la confidentialité, l'intégrité ou la réception correcte du courrier électronique ainsi que des communications par internet. L'expéditeur ne peut être tenu pour responsable d'éventuels dommages commis.
