[squid-users] ip_conntrack tweaks

From: Paul Seaman <paul@dont-contact.us>
Date: Fri, 10 Jun 2005 20:10:05 -0600

I'm running squid on a Linux router. I keep hitting the following limit:

webcache kernel: ip_conntrack: table full, dropping packet.

Could someone give me some sensible values for a webcache with approximately
800 users? It's a Pentium 4 with 1GB of RAM running kernel 2.6.

net.ipv4.netfilter.ip_conntrack_generic_timeout = ?
net.ipv4.netfilter.ip_conntrack_icmp_timeout = ?
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream = ?
net.ipv4.netfilter.ip_conntrack_udp_timeout = ?
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close = ?
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = ?
net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = ?
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = ?
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = ?
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = ?
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = ?
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent = ?
net.ipv4.netfilter.ip_conntrack_buckets = ?
net.ipv4.netfilter.ip_conntrack_max = ?

Thanks,

Paul
Received on Fri Jun 10 2005 - 20:10:37 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Jul 01 2005 - 12:00:02 MDT