Subject: kern/37174: ipfilter doesn't properly remove connections from NAT table
To: None <firstname.lastname@example.org, email@example.com,>
From: None <firstname.lastname@example.org>
Date: 10/22/2007 20:35:00
>Synopsis: ipfilter doesn't properly remove connections from NAT table
>Arrival-Date: Mon Oct 22 20:35:00 +0000 2007
>Originator: John Klos
>Release: NetBSD 4.0_RC3
Multiple NetBSD 4.0_RC3 macppc machines.
ipfilter's NAT table grows and grows, and stale entries do not get
Install NetBSD 4.0_RC3 onto a machine which does NAT for a modest-sized
network. ipnat -l | wc will show a constantly growing list of connections.
Networks which would normally only average around 1,000 connections show
more than 25,000 connections in a day or two. Networks which average
around 50 connections show more than 20,000 after four or five days.