Back Story:
Old Server (X32 system, probably FreeBSD 4.3-ish)
New Server (Dual core, X64 with plenty of RAM) running 8.1-RELEASE

New Server was put in production last night as a core router, with the same rc.conf, firewall rule set and config from the old router that has been working for years.

At around 12 (lunchtime) we had reports of no internet connectivity. I jumped onto the router and saw that it was blocking a whole heap of internal to external DNS server traffic, along with other would-be allowed traffic.

I promptly flushed the firewall ruleset with "ipf -Fa", and noted that the rules did clear - the issue still existed. I re-loaded the rule set, no change. Upon restart, the router began to behave itself again...

I have been using "ipfstat -ts | grep active" to get a count of state entries, and comparing to the 4013 default. We are sitting on around ~2000 state entries. I am aware I can flush the state table, but until the router breaks itself again, I cannot clear it.

Does this sound like a full state table? Am I using the best method to check? Is there any form of notification that this is happening anywhere?

--
Murray Taylor
Bytecraft Systems
Special Projects Engineer
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions