Chris Ross wrote:
>
> On Mon, 22 Oct 2007 23:14:42 +0200, Pavel Cahyna <pavel@NetBSD.org> said:
>>> Install NetBSD 4.0_RC3 onto a machine which does NAT for a modest sized
>>> network. ipnat -l | wc will show a constantly growing list of 
>>> connections.
>>> Networks which would normally only average around 1,000 connections 
>>> show
>>> more than 25,000 connections in a day or two. Networks which average
>>> around 50 connections show more than 20,000 after four or five days.
>>
>> Probably caused by http://releng.netbsd.org/cgi-bin/req-4.cgi?show=880
>> which will be backed out soon.
>
>   I was looking at ipfilter changes in netbsd-4, and was pointed at 
> this bug.  This bug is also affecting my i386 router at home, for a 
> small network.  I *believe* that the only NAT connections that are 
> being held and not expiring properly are RDR connections.
>
>   Are you commenting above that the pull-up that was/is ticket #880 is 
> going to be backed out, thus reintroducing IPF bug #1774745 ?

Bug #1774745 can't be solved properly in IPFilter 4.1.x because
the changes required to solve it are too substantial to NAT.

Darren