Hello List,

I was experimenting with the maximum number of TCP ports that can be NAT reflected, and the built-in limit of 990 ports (or 1000 as the error message reads) does not seem to be so arbitrary on both 1.2.3 and 2.0.

When trying to up the limit to 2000 ports in /etc/inc/filter.inc (and creating corresponding /etc/services entries), inetd takes some time to start but only services the first 1006 NAT reflection entries (internal reflection port 19000-20005 plus the tftp-helper entry in /var/etc/inetd.conf). The 1007th port (and all thereafter) successfully connect to inetd and data can be sent to it, but inetd never calls nc and the connection never reaches the endpoint. Instead, the following error is logged to /var/log/system.log:

    Apr 6 18:01:04 fw01 inetd[17900]: accept (for 21324): Resource temporarily unavailable

We suspected some filehandle/socket number limit (like ulimit on Linux) and tried adjusting

    kern.maxprocperuid=10000
    kern.threads.max_threads_per_proc=10000
    kern.maxfiles=30000
    kern.maxfilesperproc=27000
    kern.ipc.maxsockets=24000

but to no avail.

Any FreeBSD/inetd gurus lurking on the list with ideas?

Thanks and best regards,
Aarno

--
Aarno Aukia
Atrila GmbH
Switzerland