Subject: Re: NAT, PPPoE 3-NIC router
To: None <hiroshi-n@iname.com, port-i386@NetBSD.org>
From: Simas Mockevicius <symka@netbsd.vejas.lt>
List: port-i386
Date: 11/20/2003 14:12:42
Maybe I am not right, but you may look at this:
http://proj.sunet.se/E2E/tcptune.html
I don't have PPPoE, but I have routers with 6 NICs, and NetBSD hangs when
there are a lot of connections, and panics: "panic: malloc: out of space in
kmem_map", so I have changed sysctl kern.mbuf.nmbclusters as noted on the
link below. Everything is fine now.

Sincerely,
Simas.

On Thu, 20 Nov 2003 21:05:34 +0900, <hiroshi-n@iname.com> wrote:

> I am wondering if this is the right place to post this kind of question.
>
> I recently set up NetBSD i386 1.6.1 as a router and DNS. My system is as 
> follows:
>
> NIC-0 : PPPoE ( ex0 )
> NIC-1 : fixed global address (x.x.x.x/28) ( fxp0 )
> NIC-2 : gateway to private (192.168.1.0/24) ( tlp0 )
>
> CPU AMD Duron 900MHz, RAM 128MB, VIA KM-266
>
> My ISP gives me 16 global IPs and I set up configuration files as:
>
> /etc/rc.conf
> ipfilter=YES
> ipnat=YES
> ipwatched=YES
>
> /etc/syscntl.conf
> net.inet.ip.forwarding=1
> net.inet.tcp.mss_ifmtu=1
>
> /etc/ipnat.conf
> map pppoe0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp mssclamp 1412
> map pppoe0 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000 mssclamp 1412
> map pppoe0 192.168.1.0/24 -> 0/32 mssclamp 1412
>
> map pppoe0 x.x.x.x/28 -> 0/0 mssclamp 1412
>
> /etc/ipf.conf
> pass in from any to any
> pass out from any to any
>
> /etc/ifconfig.fxp
> inet x.x.x.x/28
>
> /etc/ifconfig.tlp0
> inet 192.168.1.254/24
>
> /etc/ifconfig.pppoe0, /etc/ppp/if-up, /etc/ppp/if-down, ..
> ...
>
> PPPoE works and the global IPs can be accessed from outside with no 
> problem.
> As long as a few clients access Internet via tlp0, it works fine.
>
> However, when more users (10) start using NAT, NetBSD becomes slow and 
> hangs in a short period of time (in a few hours). Log files are not 
> consistent, too. Sometimes it says "arpresolve: cannot allocate llinfo on 
> tlp0", or "panic: malloc: out of space in kmem_map", etc.
>
> Is there any limitation on the number of NAT clients?
> Or I might be doing something completely wrong.
>
> If there is anyone doing 3-NIC routing with NAT, PPPoE and global IP, I 
> would like to hear any kind of advice.
>
>