Christoph Monig <[EMAIL PROTECTED]> wrote:
>
> For some clients, parts of the Internet disappear. you can't ping, ftp,
> or http to some
> adresses, while to others you can.
Are you using ipautofw? It is known to cause symptoms similar to this,
if you use its features too aggressively.
> When I reboot my masq-gate, everything seems to turn back to normal.
You really should do more analysis rather than just reboot. That way
you can find out what the problem is. :)
My guess is that you are running out of ports. Run the command
ipfwadm -M -l -n
and see how many connections are active at the time of the problem. If
there are a large number of them, it means your masq box is being
overloaded with requests. You can attempt to reduce them by reducing
the timeouts, as another poster suggested, but if you do, you run the
risk of long-term, idle connections being spontaneously disconnected
(such as a telnet session left idle for too long).
If most of your traffic is web-related (port 80), you may consider
running a transparent-proxy version of Squid, to multiplex the
connections without using the masq layer.
You might also consider rebuilding your kernel with a larger number of
masq ports, but I would try that only after determining the source of
the problem. You may simply have an over-aggressive client behind your
network (such as GameSpy) which uses up all the ports because it
continually disconnects and reconnects. If so, then stop running the
naughty client. :)
--
[EMAIL PROTECTED] (Fuzzy Fox) || "Nothing takes the taste out of peanut
sometimes known as David DeSimone || butter quite like unrequited love."
http://www.dallas.net/~fox/ || -- Charlie Brown
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]
