I've recently run into the issue described on ticket #1931 and on the forum thread below:
http://cvstrac.pfsense.org/tktview?tn=1931
http://forum.pfsense.org/index.php/topic,16314.0.html

Even though we only have about 200 port forwards, we have 6 local interfaces so we've quickly run into this limitation. So a couple questions before I go and tackle this issue:

1. Why the limitation of 1000? Is that more or less arbitrary to keep too many local ports from being used by the inetd nc rules, or could it be increased some?

2. If I write a patch to limit the number of inetd entries below the above limit, will it be accepted upstream? We should be able to stop the inetd nc port multiplication issue so we will be able to reflect up to 1000 ports, but there will still be $num_interfaces * $num_portforwards NAT redirect rules generated.

If the patch is likely to be accepted upstream, I'm more likely to spend time to write a 'proper' solution instead of just hacking it. :-)

Thanks
Dave
