On Tue, Jul 01, 2003 at 09:22:02PM -0700, Daniel Williams wrote:

> /bsd: pf: state insert failed: tree_ext_gwy lan: 192.168.1.250:43445 gwy:
> #externalIP#:47566 ext: #externalHOST#:8080

Can you estimate how many concurrent connections you have from #externalIP# to #externalHOST# port 8080 at the time when this error occurs?

pf has to choose a unique proxy port for each concurrent NAT'ed connection (to the same external host and port). The default proxy port range is 50001-65535. That means about 15000 concurrent NAT'ed connections from the gateway to the same external host:port.

If you expect that many concurrent connections to one external host:port, you can change the proxy port range with

  nat on $ext_if from $internal_net to any -> #externalIP# port 1025:65535

There was a bug in the proxy port selection code in 3.3-release which resulted in proxy ports not making use of the entire range and potentially re-using an already used proxy port, which then results in the error message you quoted. Can you update to -stable (or -current) and retry?

Daniel
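
The constraint described in the message above, as a simplified model added here for illustration (it is not pf's source code and not part of the original message). It shows that the limit applies per external host:port and that a reused proxy port toward the same destination is what makes the insert fail. The class and function names, the sample addresses, and the random-start scan are assumptions.

```python
import random

PROXY_LOW, PROXY_HIGH = 50001, 65535  # default range quoted in the message


class NatTable:
    """Toy state table keyed on the gwy and ext endpoints, as in the log line."""

    def __init__(self, gwy_ip, low=PROXY_LOW, high=PROXY_HIGH, seed=0):
        self.gwy_ip, self.low, self.high = gwy_ip, low, high
        self.states = {}  # (gwy_ip, proxy_port, ext_ip, ext_port) -> lan endpoint
        self.rng = random.Random(seed)

    def capacity(self):
        """Concurrent NAT'ed connections possible to ONE external host:port."""
        return self.high - self.low + 1

    def insert(self, lan, ext, proxy_port):
        key = (self.gwy_ip, proxy_port, *ext)
        if key in self.states:
            # A reused proxy port toward the same ext host:port collides here.
            raise KeyError("state insert failed: %r" % (key,))
        self.states[key] = lan
        return proxy_port

    def connect(self, lan, ext):
        """Assumed strategy: random start, then scan the whole range once."""
        span = self.capacity()
        start = self.rng.randrange(span)
        for i in range(span):
            port = self.low + (start + i) % span
            if (self.gwy_ip, port, *ext) not in self.states:
                return self.insert(lan, ext, port)
        raise RuntimeError("no free proxy port toward %s:%d" % ext)


def fill_until_exhausted(table, ext):
    """Open connections to one ext host:port until none fit; return the count."""
    n = 0
    try:
        while True:
            table.connect(("192.168.1.250", 1024 + n % 64000), ext)  # constructed
            n += 1
    except RuntimeError:
        return n


if __name__ == "__main__":
    print(NatTable("203.0.113.1").capacity())               # default range
    print(NatTable("203.0.113.1", 1025, 65535).capacity())  # widened range
```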
