On Sun, Oct 27, 2002 at 07:44:14PM -0800, Mike Egglestone wrote: > Hi, > I'm wondering if ipmasq has a max connections or if it has > a limit of the number of IP's it can masq at the same time?
I'm pretty sure it cannot masq more than 65535 connections at the same time :-) Off the top of my head, you might be able to increase the number with SNAT'ing over a range of IP addresses. > I would like to guess that there is no limit, or maybe the limit > is really high, like around 65,000 or something. > but I have a subnet on my firewall running with a subnet mask of > 255.255.254.0 > Thus allowing me to have 512 nodes. IPmasq should have no prob masqing more > than 256 workstations right? I'd say the likelihood of problems is very low :) > Some workstations have been getting cutting off from their mail server when > going thru the masqing box. Random sudden disconnections. > When the IP's are changed to a static IP on the public side of the firewall, > the disconnections go away. Aha! At first glance it seems the random disconnections are due to changes in the dynamically assigned ip address. If your external IP address changes while a masq'ed connection is "live", it is obviously killed. You can't avoid that. > The only theory I have is that the disconnections are due to the masqing box > and somehow there is a limit to the number of connections. Well, you said it yourself: using a static IP address makes that behaviour go away (like a bad dream, I might add :-) Configure your system for dynamical IP and keep an eye on changes. I bet you'll find that those connections die when that address changes. Now, why would those addresses change so often is quite another issue... If you prove my theory, you can try to arrange for longer leases of the dynamical address, if static assignment is not an available option.. > Someone please tell me I'm not insane so I can blame the mail server or wiring > or something. You are NOT insane!! Regards, adc -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
