Date:      Tue, 02 Sep 2008 18:19:43 -0700
From:      Gavin Spomer <spomerg@cwu.EDU>
To:        freebsd-pf@freebsd.org
Subject:   Re: PF is blocking inbound/outbound ssh, nothing else
Message-ID:  <48BD83BF020000900001CC53@hermes.cwu.edu>

>>> Alex Trull <alex@trull.org> 09/02/08 3:22 PM >>>
> > Gavin,
> >
> > Could mean you've maxed out your connection states pf
> >
> > if you've got a default amount of states, that means a 10k
> > state limit - check the output of the following for the
> > current states:
> >
> > pfctl -s all | grep current
> >
> > if it's at 10k or thereabouts, raise it :)

Thanks Alex. It says current entries is 0. What does that mean?

> > set limit { states 20000 }
> >
> > obviously, 20000 may still be too small, see how it scales
> > once you've raised the limits.

I tried setting it all the way to 100000. Still no change.

> >
> > You may also have run out of source ports, but that is
> > another kettle of fish.

What do you mean by that? If this part is not relevant to this list, could you please email off-list, maybe point me in the right direction? If you are referring to tcp/udp ports, I am running a LOT of stuff on this server!

> > --
> > Alex

Obviously I'm still quite the newb to pf, so I'll look at some more info... do my homework. The "pfctl -s all" is a great tip. Thanks. Looks like lots of good info there, just need to figure out what it all means. :)

- Gavin
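
The check discussed in this message (current state entries against the `set limit { states N }` value), as an added example that is not part of the original e-mail. It assumes the usual `pfctl -s all` layout with a "current entries" line and a "states hard limit" line; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Reads `pfctl -s all` text on stdin and prints "<current> <limit> <percent>".
pf_state_usage() {
    awk '
        # State Table section: "  current entries   N"
        $1 == "current" && $2 == "entries" { cur = $3 }
        # LIMITS section: "states   hard limit   N"
        $1 == "states" && $2 == "hard" && $3 == "limit" { lim = $4 }
        END {
            # Fail if either line is missing or the limit is zero.
            if (cur == "" || lim == "" || lim == 0) exit 2
            printf "%d %d %d\n", cur, lim, (cur * 100) / lim
        }'
}

# Returns 0 when usage is below the threshold percent (default 80),
# 1 when at or above it, 2 when the input could not be parsed.
pf_state_check() {
    threshold=${1:-80}
    usage=$(pf_state_usage) || { echo "could not parse pfctl output" >&2; return 2; }
    set -- $usage
    echo "states: $1 of $2 ($3%)"
    [ "$3" -lt "$threshold" ]
}

# Constructed sample of `pfctl -s all` output (not taken from the thread).
SAMPLE_PFCTL='State Table                          Total             Rate
  current entries                     9874
  searches                        48210933          212.4/s
LIMITS:
states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000'

# Demo on the sample; on a live host use: pfctl -s all | pf_state_check 80
printf '%s\n' "$SAMPLE_PFCTL" | pf_state_check 80 \
    || echo "state table is near its limit; consider raising 'set limit { states N }'"
```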


