Date: Sun, 19 Jan 2003 16:02:05 +0000 From: Matt Douhan <mdouhan@fruitsalad.org> To: freebsd-net@freebsd.org Subject: ipfilter/ipnat problems Message-ID: <200301191602.13233.mdouhan@fruitsalad.org>
next in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi I am hoping this is the right forum for my question I am running 4.7-STABLE as of 18th Jan 2003, usinf ipf/ipnat for firewall, during normal loads (ipnat -l showing about 1000 connections) everything works fine, but during higher loads ipnat -l showing over 3000 conns, the firewalls get into a state where they drop connections, and users fall off IRC, web pages gets connection refused messages and mailservers start to have timeout problems. I have recompiled the kernel with LARGE_NAT defined that did not help, I have changed the values in ip_state.h as per darrens suggestions on the web, this does not help, I have changed tcp idle timers using sysctl to try and tear down connections faster but none of this helps. Anyone have any ideas? Please reply direct to my email as I am not subscribed to this list normally - -- - ------------------------------------------------------------------------------------ Matt Douhan www.fruitsalad.org CCIE #4004 *** ping elvis *** *** elvis is alive *** -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+KswCkU5PITZniCURAp41AKCGJyI5m96HmaNeYqvWsFgE0m9eRwCeLBdA GIhv55njFeqXmSNmhAftOoU= =EeQ6 -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200301191602.13233.mdouhan>