On 14-Jul-00 Sujit Choudhury wrote:
> I can also report that it is working. I was told that doing REJECT
> instead of DROP created the problem in the first place. So I changed
> most actions which had REJECT to DROP and included the line
>:udp_reject (false)
> at the right place.
>
> Thanks to everybody who responded.
After 12 days uptime, my machine went down again - that's twice as long as
before, but still anoying. I've added ":udp_reject (false)", modified
/etc/system to include "set sq_max_size=200". The only thing I don't want to
change is the "REJECT" for my last (any,any,any) rule...
Dieter
> Sujit
>
> On Sat, 15 Jul 2000 08:43:20 -0600 "Jeffrey L. Oliver"
> <[EMAIL PROTECTED]> wrote:
>
>> Thanks to all who responded. This seems to have solved the problem. The
>> f/w
>> has been up for 3 days now and still has lots of "real" memory left. It
>> hasn't
>> even looked at the swap memory.
>>
>> Once again, Thanks.
>>
>> Jeff
>>
>>
>> "Jeffrey L. Oliver" wrote:
>> >
>> > I was emailed a tip as follows:
>> >
>> > ***************************
>> > Gentlemen,
>> >
>> > I too suffered long and hard with this problem, sending many dumps to SUN,
>> > talking myself blue in the face to my VAR. Finally, a friend at CKP,
>> > pointed me to a url. They used
>> > to have www pages that listed known bugs and the associated FW
>> > version/level along with operating systems. Oh, how I long for those days,
>> > the knowledge base is almost useless
>> > in my opinion. I would much prefer to page through ALL known problems,
>> > what
>> > is to say I don't have a problem that I have yet to even find!!!!! But I
>> > have rambled enough.
>> >
>> > This patch worked for me... running FW 4.0 sp1 on Solaris 2.6 with
>> > recommend security patches. The following came directly from a "old" CKP
>> > page. (Remember back up the file
>> > before altering, AND, I nor my employer take no responsibility; just
>> > trying to help.)
>> >
>> > 1. Stop Firewall-1 by running $FWDIR/bin/stop.
>> > 2. Edit $FWDIR/conf/objects.C After the line: :props( Add the line:
>> > :udp_reject (false)
>> > 3. Start Firewall-1 by running $FWDIR/bin/fwstart.
>> >
>> > Good luck,
>>
>>
>>
>>
>> --
>> Sys Admin. It's a dirty job, but someone said I had to do it!
>> ------------------------------------------------------------------------
>> Jeffrey L. Oliver Tel: (403) 329-5162
>> Network Analyst Cell: (403) 315-4461
>> The University of Lethbridge
>> 4401 University Drive email: [EMAIL PROTECTED]
>> Lethbridge, Alberta www: http://home.uleth.ca/~jeff.oliver
>
> ----------------------
> Sujit Choudhury
> Unix & E-Mail Systems Administrator
> E-Mail : [EMAIL PROTECTED]
> Ext Tel No: 020 - 7753 3105
> Internal Tel No: 2302
Dieter Gobbers
UNIX Systems and Network Administrator
--
im Auftrag des FAW Ulm (http://www.faw.uni-ulm.de)
Ingenieurbuero Dieter Gobbers; Unix- und Netzwerkberatung und -betreuung
Kreuzstr. 19, 89160 Dornstadt, Tel.: 07348/928538
email: [EMAIL PROTECTED], http://www.gobbers.de
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
