On 7/11/06, Stuart Henderson <[EMAIL PROTECTED]> wrote:
On 2006/07/11 10:46, Michael Durket wrote:
> Yes - I am using 'pf' with keep state. I'm not sure what you'd
> define as high-rate. Our mail servers process hundreds of messages
> a minute, but I doubt that would qualify as high-rate (compared to
> what some other mail sites get). Our other OpenBSD systems that got
> the "No route to host" messages were not processing high-rate
> connections (< 10 connections per minute) but did run pf with keep state.
"No route to host" when there is a route entry is generally
indicating packets are blocked by PF.. try `pfctl -x misc' and
take a look at syslog.
Moved to misc@openbsd.org, this is not a tech@ topic and more
people who may have input might see it there.
Try setting tcp.closed lower for the rule in question. It's default
is 90 seconds, which in some cases appears to be a little high
(although I believe there is a good reason for it, I just can't find
it).
--Bill
