 From:  "NewMedia42" <newmedia42 at excite dot com>
 To:  mk at neon1 dot net
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Problem with deployment (timeout related)...
 Date:  Thu, 30 Sep 2004 15:14:52 -0400 (EDT)
I'll see what I can do, but my Unix experience is fairly limited, although I've done quite a bit of
programming so hopefully the build process won't be a nightmare for me.

Which version of FreeBSD are you recommending - 4.10?  The hacker docs say 4.8, but I wanted to make
sure before I install it...

 --- On Thu 09/30, Manuel Kasper < mk at neon1 dot net > wrote:
From: Manuel Kasper [mailto: mk at neon1 dot net]
To: newmedia42 at excite dot com
Cc: m0n0wall at lists dot m0n0 dot ch
Date: Thu, 30 Sep 2004 20:48:08 +0200
Subject: Re: [m0n0wall] Problem with deployment (timeout related)...

On 30.09.2004 14:24 -0400, NewMedia42 wrote:

> problem.  I also found the web interface to sometimes 'freeze up'
> for lack of a better description, at which point I think it would
> timeout new connections.  It is important to note that the problem
> seems to be exclusively with it establishing new connections - it
> doesn't appear to have any impact on existing connections.
>
> Has anyone had this problem, and if so does anyone know how I could
> solve it?
>
> Is there any sort of limit on the number of connections which can
> pass through m0n0 at any time?

Yes - I'm pretty sure you're hitting the maximum of ~4000 state table
entries. That's the default value for ipfilter, and can unfortunately
not be changed without recompiling the kernel.

Since m0n0wall wasn't initially meant for high volume setups like
yours, the state/NAT hash table sizes and maximums were just left at
their default values. I posted a message to m0n0wall-dev about two
weeks ago, asking people who'd like to help with m0n0wall to figure
out what increasing the state and NAT table sizes would entail in
terms of memory and CPU requirements (especially for small embedded
PCs). The goal would be being able to increase the table sizes to
something on the order of 80000 to cover all but the biggest setups
with a single image per platform. I haven't seen a response yet.

Any
