So I bumped this number on our quite busy firewall up from 256 
 to 1024 and later to 4096, but I still get 1'026'678 dropped 
 packets during 8 days uptime.
 
I think this is unwise and will just result in more memory stress.  If
4096 doesn't help, you're not keeping up often, or there's something
else going on.  I'd be nervous putting this above 256 - people usually
don't and then you'll be stressing the mbuf system more than others
have stressed it and fixed it.

Where are the packets being dropped?  Normally received packets get
put on the (single, system-wide) IP input queue, and then a soft
interrupt causes them to be processed and placed on output queues.
Can you post your statistics that point at this?   "netstat -s" is
very useful if you haven't run that, as is "netstat -i".


-- 
    Greg Troxel <gdt@ir.bbn.com>