Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 01 December 2024, 02:01:44 am

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Tuning TCP/IP stack for EFW
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Tuning TCP/IP stack for EFW  (Read 12118 times)
vlongjvc
Full Member
***
Offline Offline

Posts: 27


« on: Saturday 28 August 2010, 05:06:25 pm »

Dear all,

I would like to share some my experiences with EFW, I find that EFW community edition's kernal is running with some default value and I need to tune it:

echo 300 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
echo 20 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_max_retrans
echo 15 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close_wait
echo 15 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_fin_wait
echo 15 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_last_ack
echo 15 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait
echo 30 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_syn_recv
echo 60 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_syn_sent

Add above lines into /etc/rc.d/rc.firewall.local and use it at your own risk.

ip_conntrack_tcp_timeout_established have default value is 432000 (5 days!!!) I think this is an amazing value for me, if too many connections not end properly their state is still Established for 5 days  --->ip_conntrack: table full, dropping packet  Undecided

Any addition is welcome  Smiley
Logged
wavrunrx2
Full Member
***
Offline Offline

Posts: 12


« Reply #1 on: Sunday 29 August 2010, 05:12:11 am »

excellent, thank you for that.  Cheesy
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com