Subject: Re: Two ipf problems
To: Emmanuel Dreyfus <manu@netbsd.org>
From: None <simian@replic.net>
List: netbsd-users
Date: 10/26/2001 09:43:55
sys/netinet/ip_state.h

try setting these two lines

#define IPSTATE_SIZE    5737
#define IPSTATE_MAX     4013    /* Maximum number of states held */

to

#define IPSTATE_SIZE    22948
#define IPSTATE_MAX     16052   /* Maximum number of states held */

or larger.

I know I was having a similar problem when some programs would leave a lot
of entries in the state table, and this resolved it.


-Bri

On Thu, 25 Oct 2001, Emmanuel Dreyfus wrote:

> > how many entries are there in the state table?
>
> I'll check this tomorrow, but it's certainly more than 200 (there are
> about a thousand machines behind the firewall)
>
> > See LARGE_NAT in net/ip_nat.h, maybe it's the problem.
>
> There is no NAT running on this machine. I'm concerned about the state
> table produced by keep state rules in ipf.conf
>
> --
> Emmanuel Dreyfus
> manu@netbsd.org
>