On 11/16/05, Jon Hart <[EMAIL PROTECTED]> wrote: > pass in on $CLIENT_IF inet proto tcp from $CLIENT_NET to $SERVER_NET \ > port 12345 flags S/SA modulate state
I know it's a stupid question, but have you tried the same ruleset, but not modulating state? How about the same rules, with pass in/out rules and no:"keep state"? > Any input, whether its pf, OpenBSD or > client related would be much appreciated. While running similar tests (httperf or http_load) with large numbers of TCP sessions where the client and the server are running OpenBSD, I've run into issues which appear to be related to filling up the local host (not pf) TCP state table with TIME_WAIT entries on the client, the server, or both. This can be diagnosed by running "netstat -np tcp" on the client/server, right when the problem starts. Kevin Kadow