Everyone, I ran out of file descriptors after putting this config for 1 minute on a high volume network. I'll improve it with iptables REDIRECT and load gre module at startup. Much Regards, Dan On 3/15/06, Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> wrote: > ons 2006-03-15 klockan 16:56 +0545 skrev arabinda: > > > If the http traffic is very high, is it possible that DNAT can be a bottle > > neck? > > If you run out of iptables/netfilter conntrack entries then performance > will go down the drain. This gets logged in the kernel syslog messages > if it happens.. > > Regards > Henrik > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2.2 (GNU/Linux) > > iD8DBQBEGBCx516QwDnMM9sRAswLAJ9vTz1KJr4pVVzXs4V9jZDSgFWWnACfWSL5 > hThmu9yxZNE9A5tyGuzmKf4= > =aO+b > -----END PGP SIGNATURE----- > > > -- -------------------------- Daniel Epee Lea
