Topic: Adjustable state table to m0n0wall  (Read 5658 times)
« on: March 17, 2007, 17:56:41 »
jugi *
Posts: 7

Hello!
Running a m0n0wall 1.3b2 network with 50 users and 8/1 ADSL.
Some bittorrent traffic etc..

I do aggressive traffic shaping and I have reduced the TCP timeout to 1 hour; this however causes IM programs to disconnect/reconnect, as the idle program is considered "dead".

Also I can't use outbound NAT; the reason is the ADSL modem diagnostics, which seem to fill more state table entries than without it...

I do have 256 MB of memory and I would like to increase the state table. Is it possible to have a m0n0wall setting similar to pfSense's? I would like to keep m0n0wall as I don't need the other features.

m0n0wall now takes 33% of 256, so 171 MB left; the CPU is a 400 MHz PII.

So plenty of space for some extra state table entries..

Could somebody compile a 1.3b2 generic version for big state tables? I will soon need support for 500-1000 users..

Also, the hardware will be something like a 2 GHz Core Duo and 1 GB of memory?
How many state table entries could I then support?

How many state table entries could you put in an extra 100 MB of memory?

Best would be an adjustable state table in m0n0wall based on available memory; m0n0 could suggest some "safe" value based on installed memory.

I'm unable to compile a custom image, no experience, maybe I will need to switch to pfSense...
« Reply #1 on: March 18, 2007, 00:56:48 »
Danne *
Posts: 10

I know this is a request post, but could your problem be dealt with by reducing the amount of time stale TCP sessions are held in the state table? The default table size is 10,000 sessions I believe, but the default for timeouts is 2.5 hours.

You may try reducing it to 45 minutes (2700 seconds) to see if that makes a difference.
« Reply #2 on: March 19, 2007, 13:36:07 »
jugi *
Posts: 7

Hello!
As far as I know, m0n0wall 1.2b:

http://m0n0.ch/wall/changelog.php
increased filter state table size to 30000 entries

It seems to be way too little, as modern computers tend to have more memory and processing power; we should have this setting adjustable like pfSense, and some info on how to adjust it. With a bigger table, more processing power and memory are needed.

Modern firewalls may have 100 000 state table entries or more...

I noticed that it helped when I reduced this...

Is there any way to check the amount of used table entries, or to see if this table overflows?

Jugi
« Reply #3 on: March 19, 2007, 14:14:15 »
Manuel Kasper
Administrator
*****
Posts: 364

It seems to be way too little, as modern computers tend to have more memory and processing power; we should have this setting adjustable like pfSense, and some info on how to adjust it. With a bigger table, more processing power and memory are needed.

Unfortunately, at least with ipfilter 3.4 (which is used in m0n0wall 1.2x), this setting can only be changed at kernel compile time.
« Reply #4 on: March 19, 2007, 17:57:42 »
jugi *
Posts: 7

It seems to be way too little, as modern computers tend to have more memory and processing power; we should have this setting adjustable like pfSense, and some info on how to adjust it. With a bigger table, more processing power and memory are needed.

Unfortunately, at least with ipfilter 3.4 (which is used in m0n0wall 1.2x), this setting can only be changed at kernel compile time.

http://www.phildev.net/ipf/IPFques.html#ques25

correct

http://cvstrac.pfsense.com/chngview?cn=2792

It seems that ALTQ in pfsense makes this possible...., thanks for confirming this Manuel

Anyway, I'm after a "performance tweaked" m0n0wall..

I have used m0n0wall for about 1.5 years and do believe that it is a VERY good piece of software, but there are many places where embedded performance is too little or only cheap old hardware is available (cost reasons, for example developing countries).

To not make this too difficult, consider a performance-tweaked m0n0wall which would require a 1 GHz processor and 512-1024 MB of memory...

What are the settings to be tweaked? Generally more buffer/state table space, more secure against DoS floods etc., more robust with lots of P2P traffic, no mystic lock-ups... a longer TCP timeout etc... Basically this version could handle more connections, it would be much harder to flood etc... fewer mysterious resource-related problems..

Are there any other "tables" that could overflow/fill up in a high-stress situation?

Some values: http://www.phildev.net/ipf/IPFprob.html#prob4

Could it be possible to do a performance build of m0n0wall, intended for more powerful computers?

Jugi