On Tue, 06 Jul 2004, andrej misovic wrote:
> hello,
> how long are NAT connections cached?
> 
> I use jabber client (psi) behind netbsd box (gw/fw/nat)
> which send keep-alive packets,
> but connection to jabber server die after 8-15 sec.
> I'm afraid, that reason is short NAT conection cache..
> or am I wrong?

10 minutes. If your NAT tables are too small however, entries can die
sooner (though I've not seen 8-15s...)

Check:
src/sys/netinet/ip_nat.h

#define        DEF_NAT_AGE     1200     /* 10 minutes (600 seconds) */

#undef  LARGE_NAT       /* define this if you're setting up a system to NAT
                         * LARGE numbers of networks/hosts - i.e. in the
                         * hundreds or thousands.  In such a case, you should
                         * also change the RDR_SIZE and NAT_SIZE below to more
                         * appropriate sizes.  The figures below were used for
                         * a setup with 1000-2000 networks to NAT.
                         */
#ifndef NAT_SIZE
# define        NAT_SIZE        127
#endif
#ifndef RDR_SIZE
# define        RDR_SIZE        127
#endif
#ifndef HOSTMAP_SIZE
# define        HOSTMAP_SIZE    127
#endif
#ifndef NAT_TABLE_SZ
# define        NAT_TABLE_SZ    127
#endif
#ifdef  LARGE_NAT
#undef  NAT_SIZE
#undef  RDR_SIZE
#undef  NAT_TABLE_SZ
#undef  HOSTMAP_SIZE    127
#define NAT_SIZE        2047
#define RDR_SIZE        2047
#define NAT_TABLE_SZ    16383
#define HOSTMAP_SIZE    8191
#endif


-- 
David Maxwell, david@vex.net|david@maxwell.net --> Unless you have a solution
when you tell them things like that, most people collapse into a gibbering, 
unthinking mass.  This is the same reason why you probably don't tell your 
boss about everything you read on BugTraq!    - Signal 11