On Sun, Jun 21, 2015 at 01:32:36PM +0200, Milan Obuch wrote:

> One observation, on pfctl -vs info output - when the src-limit counter
> rises to 30 or so, I am getting the first messages that someone has a
> problem. Is it only coincidence or is there really some relation to my
> problem?

This might be a clue. That counter shouldn't increase. It means something triggered a PFRES_SRCLIMIT.

Are you using source tracking for anything else besides the NAT sticky address feature?

If not, the only explanation for a PFRES_SRCLIMIT in a translation rule is a failure of pf.c pf_insert_src_node(), which could only be an allocation failure with uma_zalloc().

Do you see any allocation failures? Log entries about uma, "source nodes limit reached"? How about vmstat -m?

Daniel
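One way to gather the evidence asked about above, as an added example that is not part of the original message: compare two snapshots of `pfctl -vs info` for a rising src-limit counter and check source-node usage against the `src-nodes` limit from `pfctl -s memory`. The function names and the sample text are constructed for illustration; on a live system the three inputs would be captured from those two commands.

```shell
#!/bin/sh
# Added example. SNAP1, SNAP2 and MEM are constructed samples, trimmed to the
# fields used; real input comes from `pfctl -vs info` and `pfctl -s memory`.
SNAP1='State Table                          Total             Rate
  current entries                     4120
Source Tracking Table
  current entries                     9990
Counters
  match                            5012345         6302.1/s
  src-limit                             12            0.0/s'
SNAP2='State Table                          Total             Rate
  current entries                     4388
Source Tracking Table
  current entries                    10000
Counters
  match                            5098765         6310.4/s
  src-limit                             30            0.0/s'
MEM='states        hard limit   100000
src-nodes     hard limit    10000'

# src-limit counter from `pfctl -vs info` text on stdin.
src_limit() { awk '$1 == "src-limit" { print $2; exit }'; }

# "current entries" of the Source Tracking Table only; the State Table
# section has a line with the same label, so track the section header.
src_nodes_current() {
    awk '/^Source Tracking Table/ { in_sec = 1; next }
         /^[A-Z]/ { in_sec = 0 }
         in_sec && $1 == "current" && $2 == "entries" { print $3; exit }'
}

# src-nodes hard limit from `pfctl -s memory` text on stdin.
src_nodes_limit() { awk '$1 == "src-nodes" { print $NF; exit }'; }

# check BEFORE AFTER MEMORY: report src-limit growth and source-node usage.
check() {
    before=$(printf '%s\n' "$1" | src_limit)
    after=$(printf '%s\n' "$2" | src_limit)
    used=$(printf '%s\n' "$2" | src_nodes_current)
    max=$(printf '%s\n' "$3" | src_nodes_limit)
    delta=$((after - before))
    if [ "$delta" -le 0 ]; then
        echo "src-limit unchanged"
    elif [ "$used" -ge "$max" ]; then
        echo "src-limit +$delta, source nodes at limit ($used/$max)"
    else
        echo "src-limit +$delta, source nodes below limit ($used/$max)"
    fi
}
check "$SNAP1" "$SNAP2" "$MEM"
```

A rising counter with the table below its limit would leave the other allocation-failure evidence asked for in the message (log entries, vmstat) still to be checked.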
