 From:  <tech at adaptive dot net>
 To:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  "monowall" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Robust enough for heavy duty?
 Date:  Fri, 30 Dec 2005 13:29:10 -0500
Thanks for your guidance. My only concern with the original request is 
that that 12 mbps is coming from some 20,000 email users and 4,000 web 
sites, so it is not necessarily big chunks of data, but perhaps lots of 
small chunks, which may eat up the 30,000 states, is what I fear.

----- Original Message ----- 
From: "Chris Buechler" <cbuechler at gmail dot com>
Cc: "monowall" <m0n0wall at lists dot m0n0 dot ch>
Sent: Friday, December 30, 2005 1:00 PM
Subject: Re: [m0n0wall] Robust enough for heavy duty?

On 12/30/05, James W. McKeand <james at mckeand dot biz> wrote:
> tech at adaptive dot net wrote:
> > What defines the use of these states?  Say you have a request for a
> > web page with some 20 images on it.  The server is serving these out
> > as individual files or 'hits'.  Do each of these 20 images count as a
> > single 'state' or is the web page request as a whole considered one
> > 'state'?
> Take a look at the state table in the Diagnostics. You should see that a
> state is a session between computers (by IP address and port - assuming
> 1.2). So, unless your web browser opens a separate session for each
> image, you should only have one session for the web page request.

I believe that's generally correct.  If you look at 5 different web
browsers on 5 different OS's, you might get all different results
though.  Also, for example, some people configure Firefox to fetch
multiple items on a page simultaneously, so you might have 5 or so
simultaneous with something like that.

The vast majority of states will be quickly removed from the state
table, as the connections will be properly closed.  If anything,
ipfilter is a bit overzealous in cutting off states (not that other
firewalls aren't - my PIX firewalls drop more legit reply traffic than
my m0n0walls).  My point being, states don't hang around for long.  A
few won't get closed properly for a number of reasons, but will get
timed out after an hour and a half (IIRC that's the default in 1.2, if
not exactly that, it's close).

I believe I stated this previously, but with only 12 Mb of
web/mail/DNS/etc. traffic at peak times, I seriously doubt if you're
using > 30K states.  I'd be surprised if you're using half that many.
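A back-of-the-envelope check of the sizing argument above, as an added example that is not part of the thread or of m0n0wall itself: Little's law (occupancy = arrival rate x mean residence time) gives the expected state-table load from the connection rate and how long each state lives. The 1.5 hour figure is the stale-state timeout mentioned above; the 15 kB mean flow size and the 1% share of states that never close cleanly are assumed values chosen to illustrate the "lots of small chunks" worry.

```python
"""State-table sizing with Little's law (L = arrival rate x mean residence time)."""
from dataclasses import dataclass


@dataclass
class StateProfile:
    new_states_per_sec: float   # rate at which new connections create states
    mean_lifetime_sec: float    # average life of a state that is closed cleanly
    stale_fraction: float       # share of states never closed cleanly (0..1)
    stale_timeout_sec: float    # idle timeout that finally removes those


def states_per_sec_from_bandwidth(mbps: float, avg_bytes_per_conn: float) -> float:
    """Rough connection rate implied by a bandwidth figure and a mean flow size."""
    return (mbps * 1_000_000 / 8) / avg_bytes_per_conn


def concurrent_states(p: StateProfile) -> float:
    """Expected table occupancy: Little's law applied to clean and stale states."""
    clean = p.new_states_per_sec * (1 - p.stale_fraction) * p.mean_lifetime_sec
    stale = p.new_states_per_sec * p.stale_fraction * p.stale_timeout_sec
    return clean + stale


def max_stale_fraction(p: StateProfile, table_size: int) -> float:
    """Largest leaked-state share the table tolerates before it fills (0..1)."""
    budget = table_size / p.new_states_per_sec       # residence time the table affords
    if p.stale_timeout_sec <= p.mean_lifetime_sec:   # leaks cost no more than clean states
        return 1.0 if budget >= p.mean_lifetime_sec else 0.0
    f = (budget - p.mean_lifetime_sec) / (p.stale_timeout_sec - p.mean_lifetime_sec)
    return min(1.0, max(0.0, f))


if __name__ == "__main__":
    # Constructed scenario (assumed values): 12 Mbps of small mail/web flows, 15 kB each.
    rate = states_per_sec_from_bandwidth(12, 15_000)           # 100 new states/s
    profile = StateProfile(rate, 10.0, 0.01, 90 * 60)           # 1.5 h timeout per the thread
    print(f"{rate:.0f} new states/s -> ~{concurrent_states(profile):.0f} concurrent states")
    print(f"a 30000-entry table fills once {max_stale_fraction(profile, 30_000):.1%} of states leak")
```

The lesson is that the leaked states dominate: at this rate a 1% leak with a 90-minute timeout accounts for roughly 5,400 of the ~6,400 concurrent states, and the 30,000 limit is only reached if about 5% of connections never close properly.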
