Hauke Fath wrote:
At 21:01 Uhr -0700 31.08.2007, Darren Reed wrote:
Hauke Fath wrote:
...
[EMAIL PROTECTED] /home/hf # ipfstat -s
IP states added:
...
15701 maximum
...
I'm willing to bet that because you are hitting the roof with
your state table entries, the ssh connections are being flushed
out as part of the "idle cleanup".
Hm. Many people are still on holiday, so last week's network load
wasn't too high. Is there any way of increasing the size of the state
memory pool?
And is http://www.phildev.net/ipf/IPFprob.html#prob9 of any relevance
here?
Sort of. Once the connection is gone from the state table, it has
to be able to be recreated. SO if you only have "flags S keep state"
then the state wont be recreated when an ACK comes along.
Darren
