Ahmed Kamal wrote:
> Hello,
> I will be NAT'ing 2000 users through a rhel5 box as our router is not able
> to handle the load. What's the recommended settings for that?!
> I imagine I will need to decrease the connection tracking time, and increase
> the total number of tracked connections?! Any advice is highly appreciated
> Thanks guys

I've not had anything like that number of users, and if I had it
wouldn't necessarily reflect the adequacy of your system it depends a
lot on what your users do. Heavy downloaders have different requirements
from casual email and web browsers - email users might not impact the
NAT functionality at all.

I'd start with installing shorewall; in fact I will be doing just that
shortly.

I also block traffic in both directions, allowing just that traffic
that's needed. And that applies equally to my home connexion, running
CentOS4.

If every someone gets _in_ through my security, they still need to be
able to run traffic _out_ to cause any mischief. It's also a handy
indicator if someone attaches a virus-infected laptop to the network.






--

Cheers
John

-- spambait
1aaaaaaa@(protected)
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

_______________________________________________
rhelv5-list mailing list
rhelv5-list@(protected)
https://www.redhat.com/mailman/listinfo/rhelv5-list