On 16.03.2009 at 14:58, Falk Brockerhoff - smartTERRA GmbH wrote:
I run OpenBSD 4.4 GENERIC#1021 i386 on a Dell PowerEdge 2650 system as a firewall. On the LAN side I configured multiple carp interfaces - without any backup system at the moment (for testing purposes). Almost all is running fine, but sometimes I get a "no route to host" error - not for all routes/interfaces, but one or two...
I figured it out. I started monitoring several system, interface and pf information and graphed them using cacti. So I was able to see a dependence between the appearance of my problem and the amount of entries in pf's session state table. Increasing this value solves the problem.
Is there maybe any possibility to get pf to log this "max entries of state table exceeded" to syslog?
Regards, Falk
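
An added example, not part of the original post and not code from pf or OpenBSD: a cron-able check that compares the current state count from `pfctl -s info` with the states hard limit from `pfctl -s memory` and writes a warning to syslog through logger(1). The function names, the 90% default threshold, the `pfstate` tag and the constructed sample output are assumptions.

```sh
#!/bin/sh
# Added example: warn via syslog when pf's state table nears its hard limit.
# Function names, the 90% default and the "pfstate" tag are assumptions.

# Read `pfctl -s info` on stdin; print "current entries" of the State Table.
pf_state_count() {
    awk '/^State Table/ { st = 1; next }
         /^[A-Za-z]/    { st = 0 }
         st && $1 == "current" && $2 == "entries" { print $3; exit }'
}

# Read `pfctl -s memory` on stdin; print the hard limit for states.
pf_state_limit() {
    awk '$1 == "states" && $2 == "hard" && $3 == "limit" { print $4; exit }'
}

# pf_state_check COUNT LIMIT [PCT]: 0 = below PCT, 1 = at/above, 2 = bad input.
pf_state_check() {
    count=$1; limit=$2; pct=${3:-90}
    for v in "$count" "$limit"; do
        case "$v" in ''|*[!0-9]*) echo "pf state check: bad input"; return 2 ;; esac
    done
    [ "$limit" -gt 0 ] || { echo "pf state check: bad input"; return 2; }
    used=$((count * 100 / limit))
    echo "pf state table at ${used}% (${count}/${limit} entries)"
    [ "$used" -lt "$pct" ]
}

# Constructed sample output, for trying the parsers without a pf host.
sample_info() {
    cat <<'EOF'
Status: Enabled for 12 days 03:41:10          Debug: Urgent

State Table                          Total             Rate
  current entries                     9731
  searches                       184220311          175.4/s
Counters
  match                            2210934            2.1/s
EOF
}
sample_memory() {
    printf 'states        hard limit    10000\nsrc-nodes     hard limit    10000\n'
}

# Run from cron as root with "--run"; a threshold hit or parse failure is logged.
if [ "${1:-}" = "--run" ]; then
    msg=$(pf_state_check "$(pfctl -s info | pf_state_count)" \
                         "$(pfctl -s memory | pf_state_limit)" 90) ||
        logger -p daemon.warning -t pfstate "$msg"
fi
```
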

