Nope. I was hoping for another solution, especially given that:
1. the only thing runnings on this machine are pf and relayd
2. there's zero traffic going to it at present
3. there's only one site being load balanced
it seems like it shouldn't be necessary.
I'm open to it, if that's the only choice, but it strikes me as outside of
the bounds of normal operation.
On Thu, Jan 5, 2017 at 9:07 AM, Peter Faiman <peterfai...@gmail.com> wrote:
> Have you modified your open file limits in /etc/login.conf? Especially in
> the daemon section?
>
> Peter
>
> > On Jan 5, 2017, at 08:50, Kevin <spy...@gmail.com> wrote:
> >
> >> On Tue, Jan 3, 2017 at 1:16 PM, Kevin <spy...@gmail.com> wrote:
> >>
> >> Hey gang,
> >>
> >> So I'm putting a new firewall in place and have run into issues with
> >> getting relayd to start using:
> >>
> >> # /etc/rc.d/relayd start
> >>
> >> When I try starting it like that inevitably I get:
> >>
> >> relayd(failed)
> >>
> >> checking the log files tells me:
> >>
> >> relayd: socketpair: Too many open files
> >>
> >> Having trolled through pages of SERPs, I can't find an answer; however,
> in
> >> the interest of science, if I do this:
> >>
> >> # ulimit -n 512
> >> # /usr/sbin/relayd
> >>
> >> it starts perfectly.
> >>
> >> Anyone care to give me a quick strike with the clue stick, please?
> >>
> >> Oh yah, here's my relayd.conf
> >>
> >> # Example.com
> >> # 145.176.20.136
> >> exm_chi01="192.168.2.0"
> >> exm_chi02="192.168.2.1"
> >>
> >> table <Example.com> { $exm_chi01, $exm_chi02 }
> >>
> >> #=========#
> >> # Servers #
> >> #=========#
> >> redirect "Example.com" {
> >> listen on 145.176.20.162 port 80 interface vio0
> >> pftag RELAYD-Example.com
> >> forward to <Example.com> check tcp
> >> }
> >>
> >>
> >> For what it's worth, I'm using a hosts file to point example.com to my
> IP
> >> for the time being, as I can't pull the real sites down and move them
> 'til
> >> this is working.
> >>
> >> Also of interest: pf seems to be working as advertised, as does relayd
> >> when it's started with the ulimit cranked up.
> >>
> >>
> >> Thanks,
> >> Kevin
> >>
> >
> >
> >
> > Unless there's word to the contrary, and as much as it's not officially
> the
> > right thing to do, it seems the only real choice for me here is to run
> > relayd with ulimit sufficiently cranked, eh?
