[ previous ] [ next ] [ threads ]
 
 From:  Jukka Ruotsalainen <jukka dot ruotsalainen at cs dot helsinki dot fi>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] M0n0wall performance question
 Date:  Sun, 04 Mar 2007 23:30:39 +0200
Chris Buechler wrote:
> On 3/4/07, Jukka Ruotsalainen <jukka dot ruotsalainen at cs dot helsinki dot fi> wrote:
>>
>> How the amount of sessions is setup?
> 
> hard coded at compile time. You have to recompile the kernel to raise
> the limit.
> 
> 
>> Is it same as sysctl -w kern.ipc.somaxconn=32768 ?
>>
> 
> No.
> 
> 
> 
>> I use now
>>
>> sysctl -w kern.ipc.somaxconn=32768
>>
>> and set kern.ipc.nmbclusters=32768
>>
> 
> I believe these aren't actually going to help anything. I believe they
> only affect traffic initiated by the firewall, or destined to daemons
> listening on the firewall, which would be next to nothing. I know the
> FAQ says otherwise (I wrote that FAQ quite a while ago, it needs to be
> revised once I have a chance to figure out for sure what the effect of
> those is in a firewall environment).
> 
> -Chris

I have setup where I have about 50 users and m0n0 is acting as firewall 
and traffic shaper, I do have a feel that I have more problems if I do 
not set sysctl -w kern.ipc.somaxconn=32768

Then

All traffic is not routed to the wan so "smoothly", specially heavy p2p 
traffic causes problems.

kern.ipc.somaxconn=32768 what it actually does?

Also some bsd tweak guides do recomend these settings, it should 
increase max connections and protects against dos attacks?

I really hope some "performance" build of m0n0wall, nothing else, but 
just tweaked settings so more memory and maybe processing power is used 
properly.

I have no need to change pfsense.

Jukka