On 2013-08-11 16:59, James Relph wrote:
I'll pass that on to someone actually, thanks, although would we lose pings
with that (had pings running to test for a network issue and never had packet
loss)? It's a bit of a puzzler!
Also, does your host use ipfilter to filter and/or NAT access to the
iSCSI and NFS services? It might be that you run out of "buckets"
needed to track sessions. I am not sure what the defaults are now,
but remember needing to bump them a lot on an OpenSolaris SXCE 129
firewall.
There was this patch to /lib/svc/method/ipfilter :
configure_firewall()
{
create_global_rules || exit $SMF_EXIT_ERR_CONFIG
create_global_ovr_rules || exit $SMF_EXIT_ERR_CONFIG
create_services_rules || exit $SMF_EXIT_ERR_CONFIG
[ ! -f ${IPFILCONF} -a ! -f ${IPNATCONF} ] && exit 0
### Enforce and display state-table sizing
### Jim Klimov, 2009-2010
ipf -D -T
fr_statemax=72901,fr_statesize=104147,fr_statemax,fr_statesize -E -T
fr_statemax,fr_statesize
# ipf -E
load_ippool || exit $SMF_EXIT_ERR_CONFIG
load_ipf || exit $SMF_EXIT_ERR_CONFIG
load_ipnat || exit $SMF_EXIT_ERR_CONFIG
}
Again, I have no idea if any of this (the fr_* line) is needed on todays
systems; the defaults in SXCE were pretty much too low, as contemporary
blogs and forums helpfully pointed out...
HTH,
//Jim Klimov
_______________________________________________
OpenIndiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss
