Hi,

When I put in some rdr rules for p2p stuff, it works for a couple of hours, then the node becomes unresponsive. The node has 48MB of RAM. The following settings are in place:

    set timeout { udp.first 300, udp.single 150, udp.multiple 900 }

All other settings are default.

I had "pfctl -s state | wc -l" running, and just before it became unresponsive, there were 2400 lines or so, and the count had been decreasing from a high of 3200 or so.

At the time it becomes unresponsive, extant ssh connections time out and new ssh connections are rejected (perhaps by the smart switch). I believe I saw arps for its address going unanswered.

On the console, everything looks fine (top shows not all memory being used, I can tcpdump, the interfaces are up, there is nothing in dmesg or /var/log/messages indicating a problem). The ruleset looks fine.

I did a "pfctl -F state" and reloaded the ruleset, and it started working again.

Anyone got any ideas what is going on, or what I can do to troubleshoot it more?

-- 
Security Guru for Hire http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484