Date: Mon, 13 Dec 2004 09:18:04 GMT
From: Daniel Hartmeier <dhartmei@FreeBSD.org>
To: dhartmei@FreeBSD.org, freebsd-bugs@FreeBSD.org, dhartmei@freebsd.org
Subject: Re: kern/74930: pf crashes the system (unknown reasons)
Message-ID: <200412130918.iBD9I4uo064007@freefall.freebsd.org>

Synopsis: pf crashes the system (unknown reasons)

Responsible-Changed-From-To: freebsd-bugs->dhartmei@freebsd.org
Responsible-Changed-By: dhartmei
Responsible-Changed-When: Mon Dec 13 09:10:35 GMT 2004
Responsible-Changed-Why:
There can be only one connection using the same source/destination
address/port quadruple at the same time. When using static-port, this
rule is easily violated (when opening multiple connections from the same
source port to the same destination address/port), i.e. if you have only
one NAT address, you can have only one concurrent connection like that.
To support N concurrent connections (to the same server and port), you
need N addresses in the NAT pool.

Maybe the protocol does not require static source addresses, and you can
just remove the 'static-port' option.

However, locking up the kernel (in an endless loop trying to find an
available NAT address) is a bug in pf. You should get an error like
"pf: NAT proxy port allocation (0-0) failed" instead. A fix is being
worked on.

http://www.freebsd.org/cgi/query-pr.cgi?pr=74930
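
The quadruple constraint described in the message above, as an added example that is not part of the original e-mail and is not pf's code: a toy NAT state table whose allocation search is bounded, so exhaustion is reported as an error rather than retried forever. The class and function names, the documentation-range addresses, and the 50001-65535 proxy port range used when static-port is off are assumptions of this sketch.

```python
# Toy model of NAT source translation (added illustration, not pf's code).
# All addresses are constructed documentation-range values.

class NatExhausted(Exception):
    """No free (nat_addr, nat_port) exists for this destination."""

class NatTable:
    def __init__(self, pool, static_port, port_range=(50001, 65535)):
        self.pool = list(pool)
        self.static_port = static_port
        self.port_range = port_range
        # Key is the quadruple as seen on the external side; it must be unique.
        self.states = {}

    def allocate(self, src, sport, dst, dport):
        lo, hi = self.port_range
        # With static-port the only candidate is the original source port.
        candidates = (sport,) if self.static_port else range(lo, hi + 1)
        # Bounded search: every (address, port) candidate is tried once,
        # then the caller gets an error instead of the search retrying forever.
        for nat_addr in self.pool:
            for nat_port in candidates:
                key = (nat_addr, nat_port, dst, dport)
                if key not in self.states:
                    self.states[key] = (src, sport)
                    return nat_addr, nat_port
        raise NatExhausted(f"no free NAT source for {dst}:{dport}")

def concurrent_capacity(pool, static_port, clients, server=("203.0.113.5", 5000)):
    """Count how many of the clients get a translation to the same server."""
    table = NatTable(pool, static_port)
    ok = 0
    for src, sport in clients:
        try:
            table.allocate(src, sport, *server)
            ok += 1
        except NatExhausted:
            pass  # reported and dropped; the table stays consistent
    return ok

# Constructed input: three internal hosts, all using source port 5000.
CLIENTS = [("10.0.0.1", 5000), ("10.0.0.2", 5000), ("10.0.0.3", 5000)]

if __name__ == "__main__":
    print(concurrent_capacity(["198.51.100.1"], True, CLIENTS))
    print(concurrent_capacity(["198.51.100.1", "198.51.100.2"], True, CLIENTS))
    print(concurrent_capacity(["198.51.100.1"], False, CLIENTS))
```
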