search for: wallfir

Hello, I''ve tried to change ipt_conntrack hashsize and con under my debian charge but doesn''t work ! Ive got 2876Mb available for conntrack so I''ve done (according to some previous mail and this http://www.wallfire.org/misc/netfilter_conntrack_perf.txt) CONNTRACK_MAX = 2876 * 64 = 184064 HASHSIZE = 2876 * 8 = 23002 But the near power of 2 is 2^16 = 131072 ... I''m not sure that if it better to put 184064 or 131072 ? Seems that netfilter algorythm is more eficient with power of 2 value ? I ca...

...ndergone any changes aside from installing another 512Mb of RAM. Kernel is the same, and shorewall config is essentially the same. In searching for an answer, I came across this link which suggests that a dedicated firewall should have the ip_conntrack hashsize = ip_conntrack_max: http://www.wallfire.org/misc/netfilter_conntrack_perf.txt I know this isn''t strictly a shorewall issue, but I mention it here in case it is relevant. I plan to visit netfilter lists to investigate more. Now for a shorewall issue: it occurred to me that if I took a "shorewall status" of our cur...

I was trying to do what the article at http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.performance.html#conntrack_filling_tables <http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.performance.html#conntrack_filling_tables%3C/blockquote%3E%3C/div%3E> suggested My iptables rules are ------------------------------------------------------------------------ #that's what the