[LARTC] Can't change ipt_conntrack hashsize under debian sarge ???

[Sébastien CRAMATTE <s.cramatte@wanadoo.fr>]

Hello,

I've tried to  change  ipt_conntrack hashsize and con   under my debian
charge  but doesn't work !
Ive got 2876Mb available for conntrack so I've  done  (according to some
previous mail and this
http://www.wallfire.org/misc/netfilter_conntrack_perf.txt)

CONNTRACK_MAX = 2876 * 64 = 184064
HASHSIZE = 2876 * 8 = 23002

But the near  power of  2 is 2^16  = 131072  ...  I'm not sure that if
it better to put 184064 or 131072 ?
Seems that netfilter algorythm is more eficient with power of 2  value ?

I can set the CONNTRACK_MAX value but not the HASHSIZE ... I've tried
add hashsize= paremeter   in /etc/modules or in
/etc/modprobe.d/arch/i386 and I've done an "update-modules" ...  When
reboot the server the value still 8192  ???? Any Ideas ?

Moreover I've read somewhere that is better to augment HASHSIZE value
to 1:2 ratio ... in my case 65440
But how can I determine the best value ? My computer is P4 Hyper
Threading  3.6 Ghz  ... Might be I should put 131072 as CONNTRACK_MAX ?
This server is a bridge that only do L7 QoS  (filter + o - 70 Mbits for
> 600 customers ).

# cat /etc/sysctl.conf
net.ipv4.netfilter.ip_conntrack_max = 131072

#cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
131072

# cat /proc/sys/net/ipv4/netfilter/ip_conntrack_buckets
8192

#cat /etc/modprobe.d/arch/i386

alias eth0 tg3
alias eth1 tg3
alias eth2 e1000

options ipt_conntrack hashsize=65440


Many thanks for you help
Regards








_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc