
Thread: NAT and Iptables

  1. #1

    NAT and Iptables

    Hi,

    I am using iptables to masquerade and demasquerade packets for my network. As people browse the net, the memory in the machine running iptables gets filled up and the server becomes slow and stops.
    Can anyone help me with this problem?

    regards,
    Balaji .a

  2. #2
    Schotty (Moderator)

    Re:NAT and Iptables

    This may sound stupid, but finish reading.

    Add more RAM.

    The routing table and rule table get loaded into memory. So as your LAN grows and you add more rules, the size of these grows quite quickly. I don't have a lot of experience per se with Linux firewalls, but I have come to worship OpenBSD, and pf (the packet filter for OBSD) has these limitations.

    If you don't mind my asking, how many rules are getting applied for how many users? And how much RAM? All in all, pump as much RAM as humanly possible into the firewall/gateway. I had, for <75 rules, 64 MB in the gateway. No problems whatsoever. The bridge I built had less, 32 MB, and substantially fewer rules (<20). Neither has had problems, nor any since my layoff (my manager is a friend of mine, and is rather clueless about UNIX. He will not hesitate to ask, since I built it).

    HTH

  3. #3

    Re:NAT and Iptables

    Hi,

    I have 256 MB RAM on the machine and I have only some 25 rules.

    regards,
    Balaji .A


  4. #4

    Re:NAT and Iptables

    How many people are accessing your net through your firewall? I've run NAT/iptables boxes with 64 MB and 128 MB of RAM and Celeron 550 MHz processors with no problems. Primarily my users just used email, web and Citrix ICA sessions, but I was able to support about 100+ simultaneous connections (mostly to port 80), so my load was fairly light.

    As a rule of thumb, try to apply your rules in the precedence of most commonly used services to the least used. If you can write rules that contain user-defined targets, you might also be able to further optimize your rule set.

    To troubleshoot this further, just log everything your firewall drops, then check your log files to make sure something else is not stealing your memory (perhaps you're just experiencing the recent SQL worm dilemma).
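
A worked version of the advice in the post above, added here as an example and not part of the original thread. It is a small POSIX shell script that emits an iptables-restore ruleset for a masquerading gateway with the most-used services first, user-defined chains for the per-service rules, and rate-limited logging of everything dropped, plus a helper that ranks an existing chain's rules by their packet counters so you can see which ones deserve to move up. The interface names eth0/eth1, the 192.168.1.0/24 LAN, the service list and the counter sample are all constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Generates an iptables-restore
# ruleset for a masquerading gateway and ranks rules by hit count.
# Assumed (constructed): LAN on eth0 as 192.168.1.0/24, Internet on eth1.

# Emit an iptables-restore ruleset on stdout. Arguments: LAN_IF WAN_IF LAN_NET
gen_ruleset() {
    lan_if="$1"; wan_if="$2"; lan_net="$3"
    cat <<EOF
# nat table: masquerade LAN traffic leaving on the WAN interface
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s ${lan_net} -o ${wan_if} -j MASQUERADE
COMMIT
# filter table: default-deny; user-defined chains keep the built-in chains short
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LAN_OUT - [0:0]
:LOGDROP - [0:0]
# Established/related first: the bulk of packets match here and stop walking
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i ${lan_if} -s ${lan_net} -p tcp --dport 22 -j ACCEPT
-A INPUT -j LOGDROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ${lan_if} -o ${wan_if} -s ${lan_net} -j LAN_OUT
-A FORWARD -j LOGDROP
# New outbound connections, ordered most-used to least-used (web, DNS, mail, ICA)
-A LAN_OUT -p tcp --dport 80 -j ACCEPT
-A LAN_OUT -p tcp --dport 443 -j ACCEPT
-A LAN_OUT -p udp --dport 53 -j ACCEPT
-A LAN_OUT -p tcp --dport 25 -j ACCEPT
-A LAN_OUT -p tcp --dport 110 -j ACCEPT
-A LAN_OUT -p tcp --dport 1494 -j ACCEPT
-A LAN_OUT -j LOGDROP
# Log what is dropped, but rate-limit it so a worm cannot flood syslog or disk
-A LOGDROP -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "FW-DROP: "
-A LOGDROP -j DROP
COMMIT
EOF
}

# Rank rules by packet count. Feed it `iptables -xnvL <chain>` output on stdin
# (-x gives exact counters instead of "5.5M" style abbreviations). Prints
# "pkts<TAB>target last-match-field", busiest first, so you can see which
# rules to move up in the chain.
rank_by_counters() {
    awk 'NR > 2 && NF >= 3 { printf "%s\t%s %s\n", $1, $3, $NF }' | sort -k1,1 -rn
}

# Constructed sample of `iptables -xnvL LAN_OUT` output (not real data)
SAMPLE_COUNTERS='Chain LAN_OUT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     150      9000 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1494
     420     25200 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25
   98765   5925900 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
   31000   1860000 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
      77      4620 LOGDROP    all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# Usage: ./fw.sh gen eth0 eth1 192.168.1.0/24 | iptables-restore
#        iptables -xnvL LAN_OUT | ./fw.sh rank
#        ./fw.sh demo      (ranks the constructed sample above)
case "${1:-}" in
    gen)  gen_ruleset "$2" "$3" "$4" ;;
    rank) rank_by_counters ;;
    demo) printf '%s\n' "$SAMPLE_COUNTERS" | rank_by_counters ;;
esac
```

Two caveats a practitioner would want. On the 2.4-era kernels of this thread's time the state match is spelled `-m state --state ESTABLISHED,RELATED`; `-m conntrack --ctstate` is the current form and does the same job. And MASQUERADE means the kernel keeps a connection-tracking table regardless of how few rules you have; its size and current occupancy are visible in `/proc/sys/net/netfilter/nf_conntrack_max` and `nf_conntrack_count` (older kernels: `/proc/sys/net/ipv4/ip_conntrack_max`), which is worth checking alongside the rule count when a NAT box runs out of memory.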

  5. #5
    Schotty (Moderator)

    Re:NAT and Iptables

    Perhaps for best help, could you post your rules here?
