[ previous ] [ next ] [ threads ]
 From:  "Atkins, Dwane P" <ATKINSD at uthscsa dot edu>
 To:  "Chris Buechler" <cbuechler at gmail dot com>, "Lee Sharp" <leesharp at hal dash pc dot org>
 Cc:  "Monowall Support List" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Support Questions
 Date:  Fri, 3 Aug 2007 13:21:19 -0500
I actually have about 200 students on our m0n0wall between like 11 AM to
1 PM.  Md0c hot 100 %. When you are referring to states, you are talking
about all entries combined.  I mean, the firewall state, the DHCP
address, etc..?  I have lessened the TCP idle timeout to 30 minutes, the
DHCP idle timeout to 30 minutes.  What else is there I can do?  I have
seen folks speak of system hardware, but 256 MB of memory and 256 MB
Compact Flash really is overkill.



-----Original Message-----
From: Chris Buechler [mailto:cbuechler at gmail dot com] 
Sent: Friday, August 03, 2007 12:31 PM
Cc: Monowall Support List
Subject: Re: [m0n0wall] Support Questions

On 8/3/07, Atkins, Dwane P <ATKINSD at uthscsa dot edu> wrote:
> Good morning.  I would like see if someone can give me an idea of how
> many users the believe that m0n0wall should be able to handle?
> Are we looking at 100?  Or 200 maybe?  Or is it thousands?

However many will exhaust a 30,000 max capacity state table. That may
be 5 hosts in some networks, and 100,000 hosts in other networks.
There are networks running m0n0wall with thousands of hosts.
Exhausting the state table is going to be the first problem you hit,
and it's not easy to change that since it requires a kernel recompile.
But 30,000 should be adequate for most business networks (i.e. no P2P
traffic or other extreme Internet abuse) up to a couple thousand or
more hosts. It varies way too much from one network to another to even
attempt to estimate for your particular network.


To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch