IPfilter

NAT and age

To: ipfilter@coombs.anu.edu.au
Subject: NAT and age
From: Christian Karpp <xn@heidelbg.ibm.com>
Date: Fri, 22 Dec 2006 13:47:29 +0100
Organization: IBM Mannheim, Germany
Hi,

I'd like to understand how aging of NAT entries works. I'm currently struggling with my NAT table filling up and never expiring any entries.

I'm using only two rules:
map en0 10.10.0.0/16 -> a.b.c.d/32 age 2
rdr en0 a.b.c.d port 80 -> 10.10.20.4 port 80

One machine on the private net does *a lot* of DNS queries and fills up the NAT table pretty quickly with entries like:
MAP 10.10.10.3      51019 <- -> a.b.c.d      51019 [e.f.g.h 53]

No entry ever expires, as far as I can tell from 'ipnat -s', so when 30000 lines have been added no new connections are handled, neither by the MAP nor by the RDR statement. I have to manually flush the table ('ipnat -F') first to make things work again.

I'm using a build of IPFilter v4.1.13, compiled with default options, running on AIX 5.3TL05.

Any ideas welcome.

Thanks,
Christian
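A small diagnostic for the situation described in the message above, added here as an example and not part of the original post or of IPFilter itself: it parses 'ipnat -l' session lines in the form quoted above and counts MAP sessions per internal host and per destination port, so a host flooding the table with DNS sessions stands out. The sample output, its section headings and the RFC 5737 addresses standing in for a.b.c.d / e.f.g.h are constructed.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Matches session lines in the form quoted in the post:
# "MAP 10.10.10.3      51019 <- -> a.b.c.d      51019 [e.f.g.h 53]"
_LINE = re.compile(
    r"^(?P<kind>MAP|RDR)\s+(?P<src>\S+)\s+(?P<sport>\d+)\s+<-\s*->\s+"
    r"(?P<nat>\S+)\s+(?P<nport>\d+)\s+\[(?P<dst>\S+)\s+(?P<dport>\d+)\]"
)

@dataclass(frozen=True)
class NatEntry:
    kind: str   # MAP or RDR
    src: str    # address before the translation arrow
    sport: int
    nat: str    # translated address
    nport: int
    dst: str    # far end, from the bracketed part
    dport: int

def parse_ipnat_list(text):
    """Return one NatEntry per session line; rule and header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            g = m.groupdict()
            entries.append(NatEntry(g["kind"], g["src"], int(g["sport"]),
                                    g["nat"], int(g["nport"]),
                                    g["dst"], int(g["dport"])))
    return entries

def top_talkers(entries, n=3):
    """MAP sessions per internal host and per destination port, largest first."""
    by_host = Counter(e.src for e in entries if e.kind == "MAP")
    by_port = Counter(e.dport for e in entries if e.kind == "MAP")
    return by_host.most_common(n), by_port.most_common(n)

# Constructed sample of 'ipnat -l' output (headings illustrative, addresses from RFC 5737).
SAMPLE = """\
List of active MAP/Redirect filters:
map en0 10.10.0.0/16 -> 192.0.2.1/32 age 2
rdr en0 192.0.2.1 port 80 -> 10.10.20.4 port 80

List of active sessions:
MAP 10.10.10.3      51019 <- -> 192.0.2.1      51019 [198.51.100.9 53]
MAP 10.10.10.3      51020 <- -> 192.0.2.1      51020 [198.51.100.9 53]
MAP 10.10.10.3      51021 <- -> 192.0.2.1      51021 [198.51.100.10 53]
MAP 10.10.10.7      40001 <- -> 192.0.2.1      40001 [203.0.113.5 443]
RDR 192.0.2.1       80 <- -> 10.10.20.4       80 [203.0.113.77 52344]
"""

if __name__ == "__main__":
    hosts, ports = top_talkers(parse_ipnat_list(SAMPLE))
    print("MAP sessions by internal host:", hosts)
    print("MAP sessions by destination port:", ports)
```

On a live system, feed it the real output with `parse_ipnat_list(subprocess.run(["ipnat", "-l"], capture_output=True, text=True).stdout)`.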
