Subject: Re: ipnat
To: None <netbsd-users@netbsd.org>
From: Karsten Kruse <tecneeq@gmx.net>
List: netbsd-users
Date: 03/08/2006 14:14:26
Patrick Welche wrote:
> Should ipnat's statistics really be monotonically increasing?
>
> # ipnat -s
> mapped in 17877109 out 15501105
> added 442065 expired 0
> no memory 14499 bad nat 19
> inuse 2491
> rules 44
> wilds 4294967294
>
> There comes a point where it seems one can't make new connections (as in
> you have to be lucky, or try often). The ipf side of things is fine.
> The "no memory" part above looks worrying - what type of memory is ipnat
> running out of? What can one do about it?

I had similar problems and solved them with this:

options NAT_SIZE=2047         # as long as sys/dist/ipf/netinet/ip_nat.h
options RDR_SIZE=2047         # contains undef LARGE_NAT I have to do it
options HOSTMAP_SIZE=8191     # that way
options NAT_TABLE_MAX=180000  #
options NAT_TABLE_SZ=16383    # see kern/26713
options IPSTATE_SIZE=59999    # see src/netinet/ip_state.h
options IPSTATE_MAX=41999     # see src/netinet/ip_state.h

One of those fixes the bad memory problem (when you can't establish new
connections). Since I'm not sure which one it is, and since I have enough
memory to waste, I keep them all.

BTW, in my case it was the fact that three people behind NAT used P2P
applications. They all make lots of connections.

Karsten Kruse
--
Homepage, Mac68k, A/UX links and shorties: www.tecneeq.de
() Linux/NetBSD guides, forum and chat: www.newbie-net.de
<\/> GPL-guy: "Argh, they used my code! :-/"
_/\_ BSD-guy: "Cool, they used my code! :-)"
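
The following is an added example, not part of the original thread: a small sh/awk check that reads `ipnat -s` output in the format quoted above and flags a non-zero "no memory" count, a gauge that looks wrapped, and a nearly full NAT table. The function name, the 90% and 2^31 thresholds, and the reading of a huge `wilds` value as a wrapped 32-bit counter are assumptions of this example; the table limit must be passed in by the caller.

```shell
#!/bin/sh
# Output quoted in the message above, kept here as sample input.
SAMPLE_IPNAT='mapped in 17877109 out 15501105
added 442065 expired 0
no memory 14499 bad nat 19
inuse 2491
rules 44
wilds 4294967294'

# check_ipnat_stats [TABLE_MAX]   (hypothetical helper name)
#   stdin:     output of `ipnat -s`
#   TABLE_MAX: the NAT_TABLE_MAX the kernel was built with (caller-supplied)
# Prints one finding per line; returns 1 if anything was flagged, else 0.
check_ipnat_stats() {
    awk -v max="${1:-0}" '
    {
        # Lines look like "name value name value"; a name may be two words
        # ("no memory", "bad nat"), so collect words until a number follows.
        name = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^[0-9]+$/) { stat[name] = $i; name = "" }
            else name = (name == "" ? $i : name " " $i)
        }
    }
    END {
        if (stat["no memory"] + 0 > 0) {
            print "no-memory: " stat["no memory"] " NAT allocations failed"
            bad = 1
        }
        # Assumed threshold: a gauge at or above 2^31 is read here as a
        # 32-bit counter that went below zero (4294967294 is 2^32 - 2).
        n = split("inuse wilds", gauge, " ")
        for (g = 1; g <= n; g++)
            if (stat[gauge[g]] + 0 >= 2147483648) {
                print "wrapped: " gauge[g] " = " stat[gauge[g]]
                bad = 1
            }
        if (max + 0 > 0 && stat["inuse"] * 100 >= max * 90) {
            printf "table-full: inuse %s of %s (%d%%)\n",
                stat["inuse"], max, stat["inuse"] * 100 / max
            bad = 1
        }
        exit bad + 0
    }'
}

# Demo on the sample; on a live system: ipnat -s | check_ipnat_stats 180000
printf '%s\n' "$SAMPLE_IPNAT" | check_ipnat_stats 180000 || true
```

Run from cron and alert on a non-zero return; a "no-memory" count that keeps rising between runs is the condition the thread ties to failed new connections.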