From owner-freebsd-questions Tue Aug 6 15:31:11 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D4AC537B400 for ; Tue, 6 Aug 2002 15:31:08 -0700 (PDT) Received: from be-well.ilk.org (lowellg.ne.client2.attbi.com [24.147.188.158]) by mx1.FreeBSD.org (Postfix) with ESMTP id 19FCE43E42 for ; Tue, 6 Aug 2002 15:31:08 -0700 (PDT) (envelope-from freebsd-questions-local@be-well.no-ip.com) Received: from be-well.ilk.org (lowellg.ne.client2.attbi.com [24.147.188.158]) by be-well.ilk.org (8.12.5/8.12.5) with ESMTP id g76MV7CH034119 for ; Tue, 6 Aug 2002 18:31:07 -0400 (EDT) (envelope-from freebsd-questions-local@be-well.no-ip.com) Received: (from lowell@localhost) by be-well.ilk.org (8.12.5/8.12.5/Submit) id g76MV6Ww034116; Tue, 6 Aug 2002 18:31:06 -0400 (EDT) X-Authentication-Warning: be-well.ilk.org: lowell set sender to freebsd-questions-local@be-well.ilk.org using -f To: freebsd-questions@freebsd.org Subject: Re: /kernel: drop session, too many entries References: <1028666145.38776.66.camel@Demon.vickiandstacey.com> <2599.192.168.1.10.1028669060.squirrel@email.unixhideout.com> <1028670181.38776.89.camel@Demon.vickiandstacey.com> <3166.192.168.1.10.1028671621.squirrel@email.unixhideout.com> From: Lowell Gilbert Date: 06 Aug 2002 18:31:06 -0400 In-Reply-To: <3166.192.168.1.10.1028671621.squirrel@email.unixhideout.com> Message-ID: <443ctrd3h1.fsf@be-well.ilk.org> Lines: 19 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG "Mike" writes: > Hmm. Are you using dummynet? To restrict connections per ip and things > like that? for example look at my rule for www, > ${fwcmd} add 01500 allow log tcp from any to ${ip} 80 setup keep-state > limit src-addr 4 > > It limits connections per ip. So maybe its possible that a client has > requested 5 connections and hence, > > /kernel: drop session, too many entries > > maybe? I guess i will wait for replies. I would be more inclined to guess that it's hitting the limit of dynamic rules: sysctl net.inet.ip.fw.dyn_max [info available in the manual for ipfw(8)] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message