Re: Ipfw on the fritz?
On Thu, Sep 18, 2003 at 05:21:36PM +, Mark wrote:
> - Original Message -
> From: Josh Paetzel [EMAIL PROTECTED]
> To: Mark [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Sent: Thursday, September 18, 2003 2:54 AM
> Subject: Re: Ipfw on the fritz?
>
> > On Thu, Sep 18, 2003 at 12:21:58AM +, Mark wrote:
> > > Eek, I just got these eerie messages in /var/log/messages:
> >
> > The following thread may be of interest to you:
> > http://lists.freebsd.org/pipermail/freebsd-ipfw/2003-June/000215.html
>
> Thank you for the thread. But a bad situation just got worse; all of a sudden I got these too:
>
> Sep 18 17:45:06 asarian-host /kernel: drop session, too many entries
> Sep 18 17:45:06 asarian-host /kernel: drop session, too many entries
> Sep 18 17:45:16 asarian-host /kernel: drop session, too many entries
> Sep 18 17:45:16 asarian-host /kernel: drop session, too many entries
>
> Too many entries? I have net.inet.ip.fw.dyn_max set to 1000. And there are certainly not a 1000+ dynamic rules. Well, thinking out loud, there would be if OUCH! cannot remove rule. :( Looks like that is what is happening here.
>
> Is there an ipfw patch somewhere, so I can rebuild the kernel? I do not wish to perform a cvsup, as that tends to make the system unstable. But if I can compile a new kernel on a VMware box, and then copy over /kernel to the real server, well, that I dare give a try.
>
> Thanks,
>
> - Mark

I don't know if an ipfw patch exists or not. I'm tempted to say there probably isn't, but I could be way off base there.

I don't know what you mean about cvsup making the system unstable; I've had very good luck tracking RELENG_4_8, which is nothing more than 4.8-RELEASE with bug fixes.

As far as running a new kernel, you can't run a new kernel on an old userland, that will break numerous things on your system. :-/

Josh Paetzel

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Ipfw on the fritz?
Eek, I just got these eerie messages in /var/log/messages:

Sep 18 02:00:18 asarian-host /kernel: OUCH! cannot remove rule, count 1
Sep 18 02:00:18 asarian-host /kernel: OUCH! cannot remove rule, count 1
Sep 18 02:00:18 asarian-host /kernel: OUCH! cannot remove rule, count 2
Sep 18 02:00:18 asarian-host /kernel: OUCH! cannot remove rule, count 2
Sep 18 02:00:18 asarian-host /kernel: OUCH! cannot remove rule, count 1
Sep 18 02:00:18 asarian-host /kernel: OUCH! cannot remove rule, count 1

That does not look good. :( I run FreeBSD 4.7R. Today I added a few rules using limit src-addr. Could that be it? And what does it mean? Are some rules broken after this? I never had this happen before. Why would ipfw even want to remove rules?

Baffled Concerned,

- Mark
Re: Ipfw on the fritz?
On Thu, Sep 18, 2003 at 12:21:58AM +, Mark wrote:
> Eek, I just got these eerie messages in /var/log/messages:
>
> Sep 18 02:00:18 asarian-host /kernel: OUCH! cannot remove rule, count 1
> Sep 18 02:00:18 asarian-host /kernel: OUCH! cannot remove rule, count 1
> Sep 18 02:00:18 asarian-host /kernel: OUCH! cannot remove rule, count 2
> Sep 18 02:00:18 asarian-host /kernel: OUCH! cannot remove rule, count 2
> Sep 18 02:00:18 asarian-host /kernel: OUCH! cannot remove rule, count 1
> Sep 18 02:00:18 asarian-host /kernel: OUCH! cannot remove rule, count 1
>
> That does not look good. :( I run FreeBSD 4.7R. Today I added a few rules using limit src-addr. Could that be it? And what does it mean? Are some rules broken after this? I never had this happen before. Why would ipfw even want to remove rules?
>
> Baffled Concerned,
>
> - Mark

The following thread may be of interest to you:

http://lists.freebsd.org/pipermail/freebsd-ipfw/2003-June/000215.html

Josh Paetzel
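
Added example, not part of the thread or of FreeBSD: a small log triage script that counts the two ipfw kernel messages quoted above per host and reports whether the "cannot remove rule" failures were logged before the dynamic-rule table (net.inet.ip.fw.dyn_max) filled up. The function name `summarize`, its `year` parameter and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input, modelled on the kernel messages quoted in the thread.
SAMPLE_LOG = """\
Sep 18 02:00:18 asarian-host /kernel: OUCH! cannot remove rule, count 1
Sep 18 02:00:18 asarian-host /kernel: OUCH! cannot remove rule, count 2
Sep 18 09:12:40 asarian-host sshd[311]: Accepted publickey for operator
Sep 18 17:45:06 asarian-host /kernel: drop session, too many entries
Sep 18 17:45:16 asarian-host /kernel: drop session, too many entries
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) /kernel: (?P<msg>.*)$")
STUCK = re.compile(r"^OUCH! cannot remove rule, count (\d+)$")
FULL = "drop session, too many entries"


def summarize(log_text, year=2003):
    """Per-host counts of the two ipfw dynamic-rule messages, with first-seen times."""
    hosts = defaultdict(lambda: {"stuck": 0, "max_count": 0, "full": 0,
                                 "first_stuck": None, "first_full": None})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a kernel line
        # syslog omits the year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        h = hosts[m["host"]]
        stuck = STUCK.match(m["msg"])
        if stuck:
            h["stuck"] += 1
            h["max_count"] = max(h["max_count"], int(stuck.group(1)))
            h["first_stuck"] = h["first_stuck"] or ts
        elif m["msg"] == FULL:
            h["full"] += 1
            h["first_full"] = h["first_full"] or ts
    for h in hosts.values():
        # True when removal failures were logged before the table filled,
        # the ordering the poster suspects; it shows sequence, not cause.
        h["stuck_before_full"] = bool(
            h["first_stuck"] and h["first_full"] and h["first_stuck"] < h["first_full"])
    return dict(hosts)


if __name__ == "__main__":
    for host, s in summarize(SAMPLE_LOG).items():
        print(host, s)
```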