Chris Buechler wrote:
> On Tue, Dec 9, 2008 at 3:40 PM, mtnbkr <waa dash m0n0wall at revpol dot com> wrote:
>> Recent console log...
>> ipf_nattable_max reduced to 27337
> That's autotuning of ipf that attempts to prevent running out of
> kernel memory, but...
>> panic: kmem_malloc(4096): kmem_map too small: 36687872 total allocated
> This means the system ran out of kernel memory, which leaves it no
> choice but to panic. Not sure if this is caused by an ipfilter bug, or
> if should be expected with large state tables. You can increase the
> kernel memory by adding:
> to /boot/loader.conf. This should be doable by mounting and editing a
> m0n0 image and may resolve this.
> Might not be a bad idea to bump this by default. Setting this higher
> than even the amount of RAM available doesn't seem to cause any
> problems (pfSense has done so for quite a while to accommodate big
> installs with large state tables and hundreds of CARP IPs, without any
> negative effects on systems with much less RAM than is configured for
Thanks for the reply Chris. Are there some simple instructions for mounting
the m0n0 image and editing this file? This seems to be outdated and is not
helping me much: http://doc.m0n0.ch/dev/dev-host.html
ERROR: vnconfig(8) has been discontinued
Please use mdconfig(8).
And mdconfig's options are not the same as the vnconfig options listed in the URL.
I thought I read somewhere that I would need a FreeBSD machine to do it. No
problem there, just might need a small bit of hand-holding. In other words, I
have extensive Linux experience, but a little less FreeBSD experience. :)
Also, I failed to mention that this site has quite a bit of rules. Many rules
are duplicated for each dorm. Would reducing the number of rules help in any
way? I would guess not, but then again I am not a FreeBSD kernel/memory/ipf
Thank Chris... BTW, I never see you in #m0n0wall on freenode anymore :(
Reverse Polarity, LLC