>> Jun 13 11:05:01 spock /bsd: pf: NAT proxy port allocation (50001-65535)
>> failed
>>
>> Can this be the cause of my errors?
>Yes, you have run out of available ports to NAT from.
>The straightforward answer is to NAT from a larger pool of addresses
>i.e. nat ... -> { 1.1.1.1, 2.2.2.2, 3.3.3.0/24}
>
>The 50001:65535 range is set in /usr/src/sbin/pfctl/pfctl_parser.c
>(PF_NAT_PROXY_PORT_LOW and ..._HIGH) which might give some opportunity
>to shoot yourself in the foot (especially if you don't bother to make
>related changes to sysctl net.inet.ip.port* to keep some hiports free
>for connections from the box itself).
If I look at the state table, I see:

State Table                          Total             Rate
  current entries                     3744
  searches                      2144319853         2594.8/s
  inserts                          6610702            8.0/s
  removals                         6606958            8.0/s

Can I have more NAT port consumption than states? Is there a way to see which
nat consumes the most ports so I can add IP aliases to this specific nat?
Thanks,
Andy.
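
Added example, not part of the original thread: one way to see which translation address holds the most proxy ports is to tally the output of `pfctl -ss` per protocol and NAT address. It assumes NAT states are printed with three IPv4 endpoints (internal -> translated -> destination); the function names are hypothetical and the sample state lines are constructed.

```shell
#!/bin/sh
# Read `pfctl -ss` output on stdin and print one line per protocol and
# translated (NAT) address:  PROTO NATADDR STATES DISTINCT_PORTS PCT_OF_POOL
# Only states whose translated port lies in LOW-HIGH are counted
# (defaults: the 50001-65535 proxy range from the log message).
# Assumed line layout:  IFACE PROTO INT:PORT -> NAT:PORT -> DST:PORT  STATE
nat_port_usage() {
    low=${1:-50001}; high=${2:-65535}
    awk -v low="$low" -v high="$high" '
        # Two "->" arrows (fields 4 and 6) mark a translated outbound state.
        $4 == "->" && $6 == "->" {
            if (split($5, gw, ":") != 2) next     # IPv4 addr:port only
            port = gw[2] + 0
            if (port < low || port > high) next
            key = $2 " " gw[1]
            states[key]++
            # A port seen in more than one state is counted once.
            if (!seen[key, port]++) ports[key]++
        }
        END {
            pool = high - low + 1
            for (k in states)
                printf "%s %d %d %.1f\n", k, states[k], ports[k],
                       100 * ports[k] / pool
        }' | sort -k3,3nr -k1,2
}

# Constructed sample input; on the firewall use: pfctl -ss | nat_port_usage
sample_states() {
cat <<'EOF'
self tcp 192.168.1.10:3456 -> 1.1.1.1:50123 -> 198.51.100.7:80       ESTABLISHED:ESTABLISHED
self tcp 192.168.1.11:4000 -> 1.1.1.1:50999 -> 198.51.100.7:80       ESTABLISHED:ESTABLISHED
self tcp 192.168.1.12:4001 -> 1.1.1.1:50123 -> 203.0.113.9:443       TIME_WAIT:TIME_WAIT
self udp 192.168.1.10:5353 -> 2.2.2.2:61000 -> 198.51.100.53:53       MULTIPLE:SINGLE
self tcp 1.1.1.1:22 <- 203.0.113.50:40000       ESTABLISHED:ESTABLISHED
EOF
}

sample_states | nat_port_usage
```

The address at the top of the list is the one to give additional aliases; sampling this periodically shows peaks that a single look at the state table misses.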