FreshTomato Wiki

User Tools

Site Tools

Trace:
advanced-ctnf

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
advanced-ctnf [2023/05/08 00:34] – [Other Timeouts] -formatting hogwildadvanced-ctnf [2024/11/27 00:29] (current) – [Miscellaneous] hogwild
Line 1: Line 1:
 ====== Conntrack / Netfilter ====== ====== Conntrack / Netfilter ======
-The settings on this page allow you to control some advanced network parameters. In most cases, the default settings are already fine. You should think very carefully before changing the settings from their defaults. You are advised to change these settings only if you have advanced networking knowledge and/or experience.+ 
 +Settings here let you control some advanced network parameters. In most cases, default settings are fine. Think carefully before changing the settings from defaults. You should only change these settings if you have advanced networking knowledge. 
  
 ===== Connections ===== ===== Connections =====
  
-The Connections menu contains some limited conntrack configuration settings. //Conntrack //is a Linux utility that provides an interface to the //netfilter //connection tracking system. In general, conntrack can be used to search, list, inspect and maintain the Linux kernel's connection tracking subsystem \\   \\   \\  **Maximum Connections**: Defines the maximum number of sessions handled by the router (''/proc/sys/net/ipv4/netfilter/ip_conntrack_max'').+The Connections section contains some limited conntrack configuration settings. //Conntrack //is a Linux utility that provides an interface to the //netfilter //connection tracking system. It tracks connections, and is used to know how the packets that pass through the system are related to their connections. 
 + 
 +Generally, conntrack is used to search, list, inspect and maintain the Linux kernel's connection tracking. Conntrack does NOT manipulate packets, and works independently of NAT functions.\\   \\   \\ **Maximum Connections**: the maximum number of sessions handled by the router.
  
-Clicking on the [// Count current ... //] link gives you a real-time view of the current demand for oconnections.+("/proc/sys/net/ipv4/netfilter/ip_conntrack_max").
  
-**Hash Table Size**: This parameter allows you to tweak the following kernel attribute: /''proc/sys/net/ipv4/netfilter/ip_conntrack_buckets''+Clicking the [// Count current ... //] link displays a real-time view of the current demand for connections. 
 + 
 + \\ 
 + 
 +**Hash Table Size**: this lets you tweak the kernel attribute: "/proc/sys/net/ipv4/netfilter/ip_conntrack_buckets"
  
  \\  \\
Line 17: Line 25:
 ===== TCP Timeout ===== ===== TCP Timeout =====
  
-The TCP Timeout table allows you to define some critical TCP parameters, such as timeouts. These affect only connections towards the router and not through the router.+This table lets you define some critical TCP parameters, such as timeouts. These affect only connections towards the router and not through the router.
  
  \\  \\
Line 42: Line 50:
  
  
-=====  Tracking/NAT Helpers =====+===== Tracking/NAT Helpers =====
  
-Some protocols are well-known for not being designed to work well with NAT. Some workarounds (Helpers) have been developed to allow these protocols to operate in a NAT environment. Enabling the option will enable the helper procedure. Be advised that on networks where VoIP is in use, the use of the SIP helper is //not// recommended. While this may seem counterintuitive, real world experience often shows that the SIP helper often makes VoIP work worse, not better.+Some protocols are well-known for being poorly designed to work with NAT. Some workarounds (Helpers) have been developed to allow these protocols to operate in a NAT environment. Enabling the option will enable the corresponding helper procedure. 
 + 
 +Be advised that on networks where VoIP is in use, the use of the SIP helper is //not// recommended. While it may seem counterintuitive, the SIP Helper often makes VoIP function worse, not better. You are advised not to use it. 
 + 
 + \\
  
 {{:pasted:20220110-185610.png}} {{:pasted:20220110-185610.png}}
 +
  
 ===== Miscellaneous ===== ===== Miscellaneous =====
  
-**TCP/UDP Buffers**: This settings defines the amount of TCP/UDP buffers allowed (again, to and from the router). Please be aware that this setting needs to be tweaked carefully. A large buffer will facilitate higher throughput, but a buffer too big might create a collateral //bufferbloat. //Bloated buffers lead to network-crippling latency spikes.+**TCP/UDP Buffers**: defines the number of TCP/UDP buffers allowed (to/from the router).
  
-**TTL Adjust**: This option increases or decreases the packet Time-To-Live value crossing the router.+This needs to be tweaked carefully. A large buffer will facilitate higher throughput, but if too large, might create //bufferbloat. //Bloated buffers lead to network-crippling latency spikes.
  
- **Inbound Layer 7**: This enables L7 matching for inbound traffic, caches the results, and marks the traffic as outbound.+ \\ 
 + 
 +**TTL Adjust**: lets you increase or decrease the packet Time-To-Live value crossing the router. 
 + 
 + \\ 
 + 
 +**Inbound Layer 7**: enables inbound Layer 7 traffic matching, caches the results, and marks the traffic outbound. 
 + 
 + \\
  
 {{:pasted:20220110-185834.png}} \\  \\ {{:pasted:20220110-185834.png}} \\  \\
 +
 + \\
 +
 + \\ \\
  
  
advanced-ctnf.1683502452.txt.gz · Last modified: 2023/05/08 00:34 by hogwild

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki