Yes, we've tried the new beta, but with the same problem. But you are right, there are too many connections from the LAN side. When we allow only the basic web services, rejecting connections with nonstandard destination ports, the problem vanishes, everything is fine.

However, I don't think that this is the right solution to this. There must be a more systematic approach.

Can anyone help with this one?

Thanks a lot,
Hynek.

On Tue, 9 Nov 2004 16:52:40 -0500, Chris Buechler <cbuechler at gmail dot com> wrote:
> On Tue, 9 Nov 2004 16:51:17 +0100, Hynek Cihlar <hynek dot cihlar at gmail dot com> wrote:
> >
> > Hi, what would be the symptoms of too many connections from the LAN side?
> >
> > We have a small network of around 50 users. On a random basis the
> > router doesn't handle routing properly - the speed to WAN isn't fully
> > utilized, even packets are lost occasionally (www pages not being
> > loaded correctly, and so on). I've discovered that when I reset the
> > NAT connection table, everything starts working again for a random
> > period of time.
> >
> > It seems that the same requirement - to limit the number of NAT
> > connections - would be beneficial to us as well.
>
> If you exhaust the state table, existing connections will work fine
> but no new connections can be established. Generally you don't see
> this unless you have a very large LAN, something infected with a
> virus/worm spewing stuff to the internet like mad, or a bunch of
> people running things like P2P that create hundreds or thousands of
> connections.
>
> I don't know about limiting the state table entries per IP, but the
> 1.2 beta versions have increased the size of the state table from
> 4,000 to 30,000. Might want to try the newest beta.
>
> -Chris
>

--
Hynek Cihlar
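
One way to find which LAN hosts are filling the state table discussed in the thread above, as an added example that is not part of the original messages. The one-entry-per-line input layout, the `STANDARD_PORTS` set, the 2% share threshold and all function names are assumptions made for the example, and the sample entries are constructed.

```python
from collections import defaultdict

STANDARD_PORTS = {53, 80, 443}   # assumption: the "basic web services"

def build_sample():
    """Constructed state entries: 'proto lan_ip:port -> remote_ip:port'."""
    rows = [f"tcp 192.168.1.50:{20000 + i} -> 198.51.100.{i + 1}:6881"
            for i in range(120)]                       # one very chatty host
    rows += [f"tcp 192.168.1.10:{30000 + i} -> 203.0.113.7:443"
             for i in range(8)]                        # ordinary browsing
    rows += [f"udp 192.168.1.11:{40000 + i} -> 203.0.113.53:53"
             for i in range(5)]                        # DNS lookups
    return rows

def parse_state(line):
    """Return (lan_ip, remote_ip, remote_port) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4 or parts[2] != "->":
        return None
    try:
        lan_ip = parts[1].rsplit(":", 1)[0]
        remote_ip, remote_port = parts[3].rsplit(":", 1)
        return lan_ip, remote_ip, int(remote_port)
    except ValueError:
        return None

def heavy_hosts(lines, table_size, share=0.02):
    """Return (table utilisation, hosts holding more than `share` of the table)."""
    per_host = defaultdict(lambda: {"states": 0, "remotes": set(), "odd_ports": 0})
    total = 0
    for line in lines:
        parsed = parse_state(line)
        if parsed is None:
            continue                     # skip headers or truncated lines
        lan_ip, remote_ip, port = parsed
        h = per_host[lan_ip]
        h["states"] += 1
        h["remotes"].add(remote_ip)
        h["odd_ports"] += port not in STANDARD_PORTS
        total += 1
    limit = table_size * share
    flagged = [(ip, h["states"], len(h["remotes"]), h["odd_ports"])
               for ip, h in per_host.items() if h["states"] > limit]
    flagged.sort(key=lambda r: r[1], reverse=True)
    return total / table_size, flagged

if __name__ == "__main__":
    used, flagged = heavy_hosts(build_sample(), table_size=4000)
    print(f"table use {used:.1%}", flagged)
```

A host that holds many states, each to a different remote address and mostly on nonstandard ports, matches the worm or P2P pattern described in the quoted reply and is the one to investigate before raising the table size.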