====== Tuning your IPCop ======

There are various bits of performance tuning you can do to get the most out of your firewall. As it is fundamentally a network device, network tuning is the main focus. The 2.4 kernel used in the current IPCop is pretty good at auto-configuring the network, but if you have memory to spare and a high-bandwidth upstream connection, or if you use gigabit locally, you can get some performance increase using the changes below.

===== Network Tuning Quick Fix =====

==== For Gigabit networks with 1G of RAM ====

Append to /etc/sysctl.conf

''
net/core/rmem_max = 8738000 \\
net/core/wmem_max = 6553600 \\
net/ipv4/tcp_rmem = 8192 873800 8738000 \\
net/ipv4/tcp_wmem = 4096 655360 6553600''

Then run 

''sysctl -p''

Then edit /etc/rc.firewall.local and add 

''ifconfig <interface> txqueuelen 2000''

for each available interface. If you see large numbers of collisions on any interface after this change, reduce the txqueuelen by 50% and check again. Repeat (taking it to 500) if needed. 

==== For 100Mbit networks or with memory constraints ====

Append to /etc/sysctl.conf

''
net/core/rmem_max = 873800 \\
net/core/wmem_max = 655360 \\
net/ipv4/tcp_rmem = 8192 87380 873800 \\
net/ipv4/tcp_wmem = 4096 65536 655360 ''

Then run 

''sysctl -p''

Then edit /etc/rc.firewall.local and add 

''ifconfig <interface> txqueuelen 1000''

for each available interface. See notes above re: collisions.