We have an IP Filter rule that is triggering the following in the audit logs:
Aug 29 14:42:28 2011 EDT f_kernel_ipfilter a_general_area t_info p_major
pid: 0 ruid: 0 euid: 0 pgid: 0 logid: 0 cmd: 'kernel'
domain: (null) edomain: (null) hostname: xxxx.xxxx.xxxx.com
rule_name: Rule-069 srcip: Internal IP srcport: 2327
dstip: External IP dstport: 443 protocol: 6
=IP Filter: All NAT ports in use
The rule is simple, allowing 4 ports from internal to a NAT'd cluster IP on the outbound interface; there are also other rules that do the same kind of NATing.
It is causing some hosts not to connect to the internet.
Anyone see this issue before?
Go to your Services screen and double-click any service whose agent is 'TCP/UDP Packet Filter.' Click the Properties button. Increase the 'Reserved port range' value there to something larger and Save this change.
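To see which rule and which internal hosts are hitting the limit, before and after raising the reserved port range, the audit entries can be tallied. This is an added example, not part of the original thread: the field layout is assumed from the single entry quoted in the question, and the sample entries, addresses, hostname and `Rule-070` are constructed.

```python
import re
from collections import defaultdict

HEADER = re.compile(r"^(\w{3} +\d+ [\d:]{8} \d{4} \w+) (f_\S+)")
FIELD = re.compile(r"(\w+): (.*?)(?= \w+: |$)")   # "key: value" pairs on one line
NAT_FULL = "All NAT ports in use"

def make_entry(ts, rule, src, sport, reason):
    """Build a constructed entry in the layout of the one quoted in the question."""
    return (f"Aug 29 {ts} 2011 EDT f_kernel_ipfilter a_general_area t_info p_major\n"
            "pid: 0 ruid: 0 euid: 0 pgid: 0 logid: 0 cmd: 'kernel'\n"
            "domain: (null) edomain: (null) hostname: fw.example.com\n"
            f"rule_name: {rule} srcip: {src} srcport: {sport}\n"
            "dstip: 198.51.100.7 dstport: 443 protocol: 6\n"
            f"={reason}\n")

# Constructed sample data: documentation-range addresses, Rule-070 is hypothetical.
SAMPLE = "".join([
    make_entry("14:42:28", "Rule-069", "192.0.2.10", 2327, "IP Filter: " + NAT_FULL),
    make_entry("14:42:29", "Rule-069", "192.0.2.10", 2331, "IP Filter: " + NAT_FULL),
    make_entry("14:42:31", "Rule-069", "192.0.2.44", 4100, "IP Filter: " + NAT_FULL),
    make_entry("14:43:02", "Rule-070", "192.0.2.10", 2340, "constructed unrelated reason"),
])

def parse_entries(text):
    """Split the audit text into dicts, one per multi-line entry."""
    entries, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:   # timestamp line starts a new entry
            cur = {"time": m.group(1), "facility": m.group(2), "reason": ""}
            entries.append(cur)
        elif cur is not None and line.startswith("="):
            cur["reason"] = line[1:].strip()
        elif cur is not None:
            cur.update(FIELD.findall(line))
    return entries

def nat_exhaustion_by_rule(entries):
    """Map rule_name -> {'events': n, 'sources': [...]} for NAT-port-exhaustion entries."""
    out = defaultdict(lambda: {"events": 0, "sources": set()})
    for e in entries:
        if e["facility"] == "f_kernel_ipfilter" and NAT_FULL in e["reason"]:
            hit = out[e.get("rule_name", "unknown")]
            hit["events"] += 1
            hit["sources"].add(e.get("srcip", "unknown"))
    return {rule: {"events": h["events"], "sources": sorted(h["sources"])} for rule, h in out.items()}

if __name__ == "__main__":
    for rule, hit in nat_exhaustion_by_rule(parse_entries(SAMPLE)).items():
        print(f"{rule}: {hit['events']} events from {', '.join(hit['sources'])}")
```

A rule whose count keeps climbing after the port range has been increased points at a small number of source hosts holding many translations, which the `sources` list makes visible.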