Re: IPfilter NAT and stalled TCP connexions

To: tech-net%NetBSD.org@localhost
Subject: Re: IPfilter NAT and stalled TCP connexions
From: der Mouse <mouse%Rodents-Montreal.ORG@localhost>
Date: Fri, 26 Mar 2010 10:23:39 -0400 (EDT)

> I use IPFilter on a gateway, to perform 1:1 NAT mapping, and I have
> an annoying problem with stalled TCP connexions.

> As I understand, the default lifetime of a TCP mapping in the NAT
> table is one minute.  After one minute of inactivity for the TCP
> connexion, the mapping vanishes.  If the client sends data, the
> mapping is reinstantiated and the TCP connexion resumes normally.

Any particular reason you're using a stateful NAT?  This makes it sound
as though you really want a stateless NAT, one which just rewrites
addresses, without doing many-to-one mapping or stateful firewalling -
in which case you're either using the wrong tool or you're configuring
it wrong, I don't know ipf well enough to know which.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse%rodents-montreal.org@localhost
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

References:
- IPfilter NAT and stalled TCP connexions
  - From: Emmanuel Dreyfus

Prev by Date: Re: IPfilter NAT and stalled TCP connexions
Next by Date: Re: IPfilter NAT and stalled TCP connexions
Previous by Thread: Re: IPfilter NAT and stalled TCP connexions
Next by Thread: Re: IPfilter NAT and stalled TCP connexions
Indexes:

Home | Main Index | Thread Index | Old Index