Re: [fw-wiz] Linux ARPD -- neighbor table overflow

From: Paul D. Robertson (
Date: 03/19/04

    To: Jeff Adam <>
    Date: Thu, 18 Mar 2004 21:27:22 -0500 (EST)

    On Thu, 18 Mar 2004, Jeff Adam wrote:

    > I have run into a problem recently with arp table size limitation in the
    > Linux kernel.
    > A bit of history:
    > I have been using the same box as a firewall for the past couple of years
    > and it has performed flawlessly (Linux 2.4 / iptables), but every couple of
    > months the number of nodes on the LAN increases by 20 to 60, usually on
    > the high end of that range. We are already beyond 500 computers,
    > approaching 600, with plans to add 40 to 60 additional computers already
    > being discussed. We have recently developed a problem with neighbor
    > table overflows on the firewall during peak hours.
    > I believe I have the problem repaired: I recompiled the kernel with arpd
    > support and netlink, installed arpd, and made some changes in /proc.
    > Some other issues developed with arpd that were unexpected.
    > The problem is all of the documentation I found on arpd was rather dated,
    > including one written in 2001 that claimed the package (arpd) was far
    > beyond abandoned by the upstream maintainer. I'm sure networks with more
    > than 256 nodes are not that uncommon. My question is what experiences
    > have other readers of the list had with this issue, and what other
    > solutions are there besides arpd for this issue?

    [I don't know what the binary stuff was at the bottom of your message;
    that's what was forcing it to base-64. Please fix it before responding.]

    Have you seen:

    Paul D. Robertson
    "My statements in this message are personal opinions which may have no basis whatsoever in fact."
    Director of Risk Assessment
    TruSecure Corporation
    firewall-wizards mailing list
