Hi Stuart,
Thanks a bunch for you suggestions. This email got lost in my inbox.
Will let you know if I have some questions. Appreciate your help :)
Thx
On 1/11/11 1:43 PM, Stuart Henderson wrote:
On 2010-12-03, Godesidabhee...@aim.com wrote:
relay web {
Try applying this diff from
On 2010-12-03, Godesi dabhee...@aim.com wrote:
relay web {
Try applying this diff from -current and rebuilding relayd.
It is an inline diff, if your mail client has problems giving
you valid plaintext then try pasting it from a web-based
mailing list archive instead.
I think the diff will
On 12/20/10 15:52, Kevin Wilcox wrote:
On 19 December 2010 07:16, Henning Brauerlists-open...@bsws.de wrote:
you're way off ;)
I had 2 million during a DDoS. things got a bit slow but everything
worked.
Henning - out of curiosity, what were the specs on that hardware?
It may be interesting
* Kevin Wilcox ke...@tux.appstate.edu [2010-12-20 16:01]:
On 19 December 2010 07:16, Henning Brauer lists-open...@bsws.de wrote:
* Ryan McBride mcbr...@openbsd.org [2010-12-03 09:52]:
More than 100,000. I havn't tested lately (planning to do so soo), but I
would expect somewhere closer to
On 19 December 2010 07:16, Henning Brauer lists-open...@bsws.de wrote:
* Ryan McBride mcbr...@openbsd.org [2010-12-03 09:52]:
More than 100,000. I havn't tested lately (planning to do so soo), but I
would expect somewhere closer to 500,000.
you're way off ;)
I had 2 million during a DDoS.
* Ryan McBride mcbr...@openbsd.org [2010-12-03 09:52]:
On Thu, Dec 02, 2010 at 11:22:08PM -0500, Godesi wrote:
2. How much states can i really have on a box that has 4 gig ram?
More than 100,000. I havn't tested lately (planning to do so soo), but I
would expect somewhere closer to 500,000.
would expect somewhere closer to 500,000.
you're way off ;)
I had 2 million during a DDoS. things got a bit slow but everything
worked.
Hmm..thanks guys. I am stumped as even with 100K states set in pf, the
box was dying. Dying meaning I couldn't ssh (intermittent) , carp was
failing etc
On 12/8/10 2:09 PM, Ryan McBride wrote:
On Wed, Dec 08, 2010 at 12:39:12PM -0800, dabheeruz wrote:
We are seeing the issue again and I am writing a script to get the
pfctl -vvsi data at regular intervals. Can you please point me to
what values I should be looking out for?
You want to look for
Hi Ryan,
We are seeing the issue again and I am writing a script to get the
pfctl -vvsi data at regular intervals. Can you please point me to
what values I should be looking out for?
Thanks
Parvinder Bhasin
On 12/3/10 11:32 AM, dabheeruz wrote:
Thanks Ryan! Unfortunately when this happened
On Wed, Dec 08, 2010 at 12:39:12PM -0800, dabheeruz wrote:
We are seeing the issue again and I am writing a script to get the
pfctl -vvsi data at regular intervals. Can you please point me to
what values I should be looking out for?
You want to look for any of the counters in the Counters
. Users not being able to get to site and sometimes they
could. When I tried to ssh into the box , I couldn't and after couple
of retries when I was finally logged in. I try to do relayctl show
hosts or relayctl show sessions or any other command. I got error.
When I looked at PF states
Godesi dabhee...@aim.com wrote:
We recently deployed OBSD4.7 boxes to do load balancing in our
environment with relayd.
After few hours we encountered problem with the server going beyond
10,000 states.
Are you convinced that it is a state problem?
In our tests we have found that a default
On Thu, Dec 02, 2010 at 11:22:08PM -0500, Godesi wrote:
1. Do I need pf for relayd when I am not doing redirects?
I don't think so, but this is easy for you to test...
2. How much states can i really have on a box that has 4 gig ram?
More than 100,000. I havn't tested lately (planning to
Thanks Ryan! Unfortunately when this happened I was remote and could not
grab those stats. But what should I be looking for in term of badness.
Maybe I can quickly setup something to monitor for particular stat.
Really appreciate your input.
Thx.
On 12/3/10 12:41 AM, Ryan McBride wrote:
Hi,
We recently deployed OBSD4.7 boxes to do load balancing in our
environment with relayd.
After few hours we encountered problem with the server going beyond
10,000 states. After much research and man pages, we setup states to a
ridiculous number.
Yes the number was 100,000. We also changed
It's related to timeout options.
man pf.conf(5), Options sections, timeouts.
By default, pf offers to you a three 'lists' of timeouts values:
Conservative, Normal and Aggressive.
If you want to drop completely the connections states early, you can use
Aggressive staff. But PF is extremely
Hello!
I have question about PF.
I have just found interesting behavior of of PF.
For example if I fix source port and run from my PC:
echo 'aaa' | nc -p www.my.rerver 80
I got response.
But if I just run this command again - connection stuck.
I should wait about 1 min to be
On Fri, May 2, 2008 at 7:35 AM, B A [EMAIL PROTECTED] wrote:
Hello!
I have question about PF.
I have just found interesting behavior of of PF.
For example if I fix source port and run from my PC:
echo 'aaa' | nc -p www.my.rerver 80
I got response.
But if I just
I found this notes
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf.c?rev=1.559content-type=text/x-cvsweb-markup
Will try upgrade (I'm running 4.1) and see
02.05.08, 20:21, Kian Mohageri [EMAIL PROTECTED]:
States aren't purged immediately. Take a look at the timeout values,
19 matches
Mail list logo
