Re: [squid-users] iptables problem in transparent redirection

From: Ahsan Ali <ahsan@dont-contact.us>
Date: Fri, 12 Apr 2002 19:36:37 +0500

I'm serving about 45/second so that's not insanely high.

This seems to be more of an iptables problem - I've set my squid box as the
default gateway for my AS5300s... this problem doesn't come up if I use
routemaps.

Thanks for the help!

----- Original Message -----
From: "Henrik Nordstrom" <hno@marasystems.com>
To: "Ahsan Ali" <ahsan@khi.comsats.net.pk>; <squid-users@squid-cache.org>
Sent: Thursday, April 11, 2002 9:03 PM
Subject: Re: [squid-users] iptables problem in transparent redirection

> Hmm.. how many requests/s are you serving?
>
> I suspect something is wrong here. 60K conntrack entries is a lot, but then
> it is only 100 per user so if all your users are clicking like mad then
> perhaps.. but I think you would then have some thousand requests/s to reach
> this limit.
>
> Anyway, the variable is an integer and can be set to mostly anything. It is
> not limited to 65535. But if you set it very large then you should also
> increase the conntrack hash size for better performance.. See the
> iptables/netfilter documentation or ask in a suitable netfilter user group.
>
> Regards
> Henrik
>
> Ahsan Ali wrote:
> > Hi guys!
> >
> > I'm getting a problem I think some of you must have run into by now - I've
> > increased
> >
> > /proc/sys/net/ipv4/ip_conntrack_max
> >
> > to 65535
> >
> > And I'm still getting conntrack exceeded errors... how do I increase it to
> > 128K and beyond?
> >
> > I'm transparently redirecting some 600 concurrent dialup users.
> >
> > Thanks guys!
> >
> > -Ahsan
>
>
Received on Fri Apr 12 2002 - 07:39:35 MDT
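
Added example, not part of the original thread or of any poster's setup: a shell check of how full the conntrack table is relative to the limit discussed above, so exhaustion is noticed before new connections are dropped. The `/proc/sys/net/netfilter/nf_conntrack_*` paths are the names used by current kernels and are an assumption relative to this 2002 thread, which uses `/proc/sys/net/ipv4/ip_conntrack_max`; the function names and the 90% default threshold are illustrative.

```shell
#!/bin/sh
# Added example: report conntrack table usage relative to its limit.
# The ROOT argument lets the functions run against a constructed tree.

# Print the first readable file from the argument list, or fail.
first_readable() {
    for f in "$@"; do
        if [ -r "$f" ]; then cat "$f"; return 0; fi
    done
    return 1
}

# conntrack_max ROOT: the limit, from the current path or the thread's path.
conntrack_max() {
    first_readable "$1/sys/net/netfilter/nf_conntrack_max" \
                   "$1/sys/net/ipv4/ip_conntrack_max"
}

# conntrack_count ROOT: entries in use. Older kernels expose no counter,
# only one line per tracked connection in net/ip_conntrack.
conntrack_count() {
    if [ -r "$1/sys/net/netfilter/nf_conntrack_count" ]; then
        cat "$1/sys/net/netfilter/nf_conntrack_count"
    elif [ -r "$1/net/ip_conntrack" ]; then
        wc -l < "$1/net/ip_conntrack" | tr -d ' '
    else
        return 1
    fi
}

# conntrack_usage_pct ROOT: integer percentage of the table in use.
conntrack_usage_pct() {
    max=$(conntrack_max "$1") || return 1
    count=$(conntrack_count "$1") || return 1
    [ "$max" -gt 0 ] || return 1
    echo $(( count * 100 / max ))
}

# conntrack_check ROOT [THRESHOLD]: status 0 below the threshold,
# 1 at or above it, 2 when no conntrack data could be read.
conntrack_check() {
    pct=$(conntrack_usage_pct "$1") || { echo "conntrack not available"; return 2; }
    echo "conntrack usage: ${pct}%"
    [ "$pct" -lt "${2:-90}" ]
}
```

On the gateway itself the call is `conntrack_check /proc`, for example from cron or a monitoring agent.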
