On Wed, 20 Sep 2000, Reuven _t wrote:
> check to see that you are not using a "Bad" address translation rule.
> it seems that when you are using a "big" network ( like 10.0.0.0/8 ) and
> divide this network to smaller ones ( like a CID 24 networks ) and use those
>
> subnets in a group and NAT that group, the firewall will use up allot
> of memory to parse those rules ( hence the message you got )
> to solve this problem do.
>
> 1. add more memory to be used by the Kernel module ( I know how to do that
> in Solaris and NT but for Linux I guess you will need to hit the books ).
For Linux, that would require changing kmalloc.c to deal with blocks larger
than 128Kb. I might get around to trying that. I don't know what changing
that part of the kernel would break.
> 2. If you have such a "Bad" address translation rule as I described then
> use super net in your rule.
Doesn't help me unfortunately. I have lots of small network numbers, but
they're not part of 10. Thanks for the insight, however.
------------------------------------------------------------------
Sid Van den Heede Open Text Corporation
+1 519 888 7111 x2211 185 Columbia Street West
+1 519 888 0677 (fax) Waterloo, Ontario, Canada N2L 5Z5
[EMAIL PROTECTED] OpenPGP key available on www.keyserver.net
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
