Subject: Re: weird ipnat problem (on ancient 1.4U)
To: Felix Deichmann <f.dei@web.de>
From: Herb Peyerl <hpeyerl@beer.org>
List: tech-net
Date: 01/06/2005 15:21:13

On 6-Jan-05, at 11:10 AM, Felix Deichmann wrote:
> Nice graph :)

mmm gnuplot. even though I always have to relearn every time I use it.

> Well, here comes my guess:
> Your NAT table is getting full because old entries are not getting 
> cleaned fast enough. Try changing DEF_NAT_AGE from the default of 10 
> minutes to something quite small, say 10 seconds (?). And also define 
> LARGE_NAT.
>
> Under NetBSD 1.4, this should be IPFilter 3.3.x. So search ip_nat.h in 
> your kernel source dir, define LARGE_NAT and define DEF_NAT_AGE to 
> something smaller: 20 for 10 seconds. Recompile the kernel.

I'm wondering what, in the world, changed in the last month to cause 
this to suddenly start happening, on a machine that's been happily 
chugging away, doing this same job, for 4 years? Did a new http 
standard come out and now all new browsers are starting to use it?

I'll start turning knobs when I build the new one...

I'll also ask on the ipf list...