Increase Maximum Connections possible?


I am running several services behind IPFire that create a mass of TCP Connections.
At the moment I am running into the problem that, apparently, IPFire has a maximum limit of 16384 open connections. I need to increase that limit, as I am running into problems with connectivity because there are no more free connection sockets.
I searched, but did not find an answer so I ask here. Is it possible, maybe via root shell, to increase the limit?
I did some digging, for example echo "1024 65535" > /proc/sys/net/ipv4/ip_local_port_range and some sysctl tweaks, but nothing seems to take effect.

Have you also tried this setting?

In fact I did not!
Thanks for the help, that solved it!

Do you have a legitimate reason for having so many connections?

The amount is set at boot time depending on how much memory you have. So setting this to something really high might exhaust your IPFire system of memory.

Yes, the company I work for writes server software, and the alternative would be to set up more IPFire instances with multiple IP addresses. But why do that when you can use only one IPFire?
The software connects to many clients and does not produce many packets or traffic, just periodic heartbeats and some data requests from time to time. But the connections need to be kept open.

CPU Util is currently under 20% of the IPFire Instance. Memory is only 19% used, according to the memory tab, and that's with squid and the IPS running.

Regarding the number of connections, there is no reason to add another instance for as long as the hardware can handle the load.

I have a couple of machines in production with some customers that frequently reach just shy of a million connections and that works fine. I just wanted to say that the limit has a reason: to prevent the system from exhausting all system resources for no reason. It practically protects you from denial-of-service attacks.

You might want to consider adding another firewall just in case the first one goes down. You will lose a large number of connections, which presumably affects a large number of customers. For that, load-balancing might be interesting.
