ipnat of ipfilter crash with too many mapping?
gkullak_at_fi.uba.ar
Date: 09/27/04
Date: Mon, 27 Sep 2004 12:22:34 -0300 (ART) To: freebsd-net@freebsd.org
Hi!
I'm running FreeBSD 4.10 with ProFTP, Apache, Tomcat, Samba, Squid, SSH
Server, MySQL and PostgreSQL.
This machine is directly connected to the Internet and is a firewall for an
internet LAN.
For the firewall I am using ipfilter (ipf and ipnat).
                                                    |-> 172.16.0.2
Internet ---> (200.0.0.1)FreeBSD Box (172.16.0.254) |
              fxp0                   fxp1           |-> 172.16.0.3
The problem is that when I run Overnet from 172.16.0.2, the NAT dies.
What it means: FreeBSD runs a transparent proxy to Squid on port 8080. ipnat
redirects all requests to outside 80 to 8080.
This works fine, but when I start Overnet the NAT table begins to grow up to
600 mappings!!!
The bandwidth of my Internet connection is 512Kbps.
If I view the system status (top), the system was normal = 98% idle.
I am really thinking that the ipnat daemon does not work too well for this
type of connection, because at my work I have the same schema with more
machines in the LAN, but for firewalling I am using "iptables" on a Red Hat
Linux 7.3 box with 2 Overnet programs running on different machines and the
connection never dies.
I refer in all cases to "connection", but I don't know if what dies is the
connection, the system, the ipnat program or something else.
I tried ipnat compiled into the kernel and I tried ipnat loaded as a module
in rc.conf (actual form).
The real thing is that when I stop Overnet and run "ipnat -CF -f
/etc/ipnat.rules" to flush and reload the NAT rules, the connection runs
fast again.
Example: If Overnet is running on 172.16.0.2 and I want to start
RealPlayer to listen to a radio channel on 172.16.0.3, I get an error (can
not connect). In this same case, I try to navigate to www.yahoo.com, but I
get "Page not found" (remember the transparent proxy uses ipnat to resolve).
But if in this situation I set the browser to use the proxy server in
Internet Options, the Yahoo page loads (slowly, but it loads).
I know that Overnet uses very much of the Internet connection's bandwidth,
but I am thinking that ipnat does not work very well with this type of load.
As a test I am going to try putting in a Red Hat Linux box to manage the NAT
and see if it works better.
Do you have another idea that I can try to resolve the problem?
Thanks!
Regards.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
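
An added example, not part of the original post: a shell check that reads the counters printed by `ipnat -s` and reports when the mapping table is under pressure, which is the condition described above. The counter layout ("inuse", "no memory" as whitespace-separated name/value pairs), the helper names `nat_field` and `nat_pressure`, the 80% threshold and the table limit passed in are assumptions; the sample statistics are constructed.

```shell
#!/bin/sh
# Constructed sample in the assumed `ipnat -s` layout (not from a real host).
SAMPLE_STATS='mapped in 48213 out 51977
added 9120 expired 8518
no memory 37 bad nat 0
inuse 602
rules 2
wilds 0'

# nat_field NAME: print the number that follows counter NAME in stats on stdin.
# Handles two-word names such as "no memory" and tab or space separators.
nat_field() {
    awk -v name="$1" '{
        gsub(/[ \t]+/, " ")
        s = " " $0 " "
        p = index(s, " " name " ")
        if (p) {
            split(substr(s, p + length(name) + 2), f, " ")
            print f[1]
            exit
        }
    }'
}

# nat_pressure LIMIT [PREV_NOMEM]: classify stats on stdin.
#   exhausted  "no memory" rose since the previous sample; this counter is
#              assumed to count mappings the kernel could not create
#   high       inuse is at or above 80% of LIMIT (LIMIT is the table size
#              your kernel was built with; supplied by the caller)
#   ok         neither of the above
nat_pressure() {
    limit=$1
    prev=${2:-0}
    stats=$(cat)
    inuse=$(printf '%s\n' "$stats" | nat_field inuse)
    nomem=$(printf '%s\n' "$stats" | nat_field "no memory")
    if [ -z "$inuse" ] || [ -z "$nomem" ]; then
        echo "unknown"
    elif [ "$nomem" -gt "$prev" ]; then
        echo "exhausted inuse=$inuse nomem=$nomem"
    elif [ $((inuse * 100)) -ge $((limit * 80)) ]; then
        echo "high inuse=$inuse nomem=$nomem"
    else
        echo "ok inuse=$inuse nomem=$nomem"
    fi
}

# On the firewall itself: ipnat -s | nat_pressure 1000 "$last_nomem"
printf '%s\n' "$SAMPLE_STATS" | nat_pressure 1000 0
```

Run from cron with the previous "no memory" value saved between runs, this shows whether connections fail because new mappings are being refused rather than because the link is saturated.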