On Thu, Aug 27, 2009 at 2:15 PM, David Rees <[email protected]> wrote:
> I've recently run into the issue described on ticket #1931 and on the
> forum thread below:
>
> http://cvstrac.pfsense.org/tktview?tn=1931
> http://forum.pfsense.org/index.php/topic,16314.0.html
>
> Even though we only have about 200 port forwards, we have 6 local
> interfaces so we've quickly run into this limitation.
>
> So a couple questions before I go and tackle this issue:
>
> 1. Why the limitation of 1000? Is that more or less arbitrary to keep
> too many local ports from being used by the inetd nc rules, or
> could it be increased some?

Because of some of the issues you outlined in #2.

> 2. If I write a patch to limit the number of inetd entries below the
> above limit, will it be accepted upstream? We should be able to stop
> the inetd nc port multiplication issue so we will be able to reflect
> up to 1000 ports, but there will still be $num_interfaces *
> $num_portforwards NAT redirect rules generated. If the patch is
> likely to be accepted upstream, I'm more likely to spend time to write
> a 'proper' solution instead of just hacking it. :-)

We will gladly accept changes for this.

Thanks!

Scott
