  • Netfilter Conntrack Memory Usage

    June 17th, 2009

    On a busy Linux Netfilter-based firewall, you usually need to up the maximum number of allowed tracked connections (or new connections will be denied and you’ll see log messages from the kernel like this: nf_conntrack: table full, dropping packet).

    More connections will use more RAM, but how much?  We don’t want to overcommit, as the connection tracker uses unswappable memory and things will blow up. If we set aside 512MB for connection tracking, how many concurrent connections can we track?

    There is some Netfilter documentation on wallfire.org, but it’s quite old. How can we be sure it’s still correct without completely understanding the Netfilter code? Does it account for real-life constraints such as page size, or is it just derived from looking at the code? A running Linux kernel gives us all the info we need through its slabinfo proc file.

    Tags: conntrack, firewall, iptables, kernel, limit, linux, max, netfilter, performance, ram, slab

    Posted in Tech | 1 Comment »

  • IPSEC VPN problems upgrading to Ubuntu Edgy

    November 2nd, 2006

    I upgraded my home gateway firewall to Edgy today in the hope of fixing some SATA problems I’ve been experiencing. The new Edgy kernel might help – we’ll see.

    Anyway, it went pretty well. Two runs (?) of apt-get dist-upgrade -u, a reboot and there I was.

    Unfortunately I had two problems with my Openswan IPSEC VPNs. I’m not so sure if these count as bugs. I’ll be investigating further and reporting if so. Anyway, techie details follow…

    Tags: dapper, edgy, icmp, ipsec, iptables, kernel, linux, NAT, netfilter, openswan, pmtu, Ubuntu

    Posted in GNU/Linux, Networks and Firewalls, Tech, Ubuntu | 1 Comment »

  • Xorg xserver $HOME/xorg.conf

    September 16th, 2005

    It turns out that xorg will use $HOME/xorg.conf if it finds it, rather than the default in /etc/X11/xorg.conf.

    I didn’t know this, and didn’t notice that it was telling me this in the logs. I’ve now wasted a bunch of time troubleshooting a font problem on Ubuntu where xorg couldn’t find my fonts and I was working from the WRONG CONFIG FILE. AGH!

    Anyway, in other Ubuntu xorg related news, something changed in the latest Breezy upgrades that causes /dev/input/mice not to be created. Xorg then bombs on boot as that’s my core pointer. If you restart udev the device nodes get created fine. Not sure what this is yet.

    Tags: fonts, gdm, kernel, linux, Ubuntu, udev, xorg, xserver

    Posted in Tech, Ubuntu | 1 Comment »

  • John Leach

    • John Leach is a human being living in Leeds, UK.
The text of this blog is licensed under the Creative Commons BY-ND license.