[OpenIndiana-discuss] VMware

Sun Aug 11 15:48:46 UTC 2013

On 2013-08-11 16:59, James Relph wrote:
>
> I'll pass that on to someone actually, thanks, although would we lose pings with that (had pings running to test for a network issue and never had packet loss)?  It's a bit of a puzzler!

Also, does your host use ipfilter to filter and/or NAT access to the
iSCSI and NFS services? It might be that you run out of "buckets"
needed to track sessions. I am not sure what the defaults are now,
but remember needing to bump them a lot on an OpenSolaris SXCE 129
firewall.

There was this patch to /lib/svc/method/ipfilter :

configure_firewall()
{
         create_global_rules || exit $SMF_EXIT_ERR_CONFIG
         create_global_ovr_rules || exit $SMF_EXIT_ERR_CONFIG
         create_services_rules || exit $SMF_EXIT_ERR_CONFIG

         [ ! -f ${IPFILCONF} -a ! -f ${IPNATCONF} ] && exit 0

         ### Enforce and display state-table sizing
         ### Jim Klimov, 2009-2010
         ipf -D -T 
fr_statemax=72901,fr_statesize=104147,fr_statemax,fr_statesize -E -T 
fr_statemax,fr_statesize
         # ipf -E

         load_ippool || exit $SMF_EXIT_ERR_CONFIG
         load_ipf || exit $SMF_EXIT_ERR_CONFIG
         load_ipnat || exit $SMF_EXIT_ERR_CONFIG
}

Again, I have no idea if any of this (the fr_* line) is needed on todays
systems; the defaults in SXCE were pretty much too low, as contemporary
blogs and forums helpfully pointed out...

HTH,
//Jim Klimov