Date: Tue, 18 Aug 1998 01:04:58 +0200 (MET DST) From: Luigi Rizzo <luigi@labinfo.iet.unipi.it> To: Jeff@Wagsky.com (Jeff Kletsky) Cc: freebsd-stable@FreeBSD.ORG Subject: Re: Increasing IP_FW_MAX_PORTS seems to fail Message-ID: <199808172304.BAA24079@labinfo.iet.unipi.it> In-Reply-To: <l03110702b1fe4679e025@[192.168.6.3]> from "Jeff Kletsky" at Aug 17, 98 03:45:30 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> In order to pass H.323 conferencing, we need to increase the number of > ports explicitly called out in our ipfw configuration. Currently running > -STABLE with a last CVSup of 980815. > > After editing /usr/src/sys/netinet/ip_fw.h to reflect the increased number > of ports (16 attempted from original 10) and examining the .depend files > the following were 'make; make install'-ed: not the way to go... just duplicate rules instead: ipfw add accept udp from X p1,p2,..,p9 to ... ipfw add accept udp from X p10,p11,..,p16 to ... > Upon reboot, ipfw does not function, with the error message: > > ip_fw_ctl: len=104, want 116 > > (somewhat confusing since ip_fw.h says: > * Warning: setsockopt() will fail if sizeof(struct ip_fw) > MLEN (108) are you using dummynet by chance ? This would add a field to the mbuf header and reduce the usable slace (MLEN) to 104 ... and the number of usable ports per rule with dummynet is even lower since i need more room in the firewall structs for other fields. cheers luigi -----------------------------+-------------------------------------- Luigi Rizzo | Dip. di Ingegneria dell'Informazione email: luigi@iet.unipi.it | Universita' di Pisa tel: +39-50-568533 | via Diotisalvi 2, 56126 PISA (Italy) fax: +39-50-568522 | http://www.iet.unipi.it/~luigi/ _____________________________|______________________________________ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199808172304.BAA24079>