From owner-freebsd-questions Tue Jul 24 22:11:37 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from var.cx (e166066.upc-e.chello.nl [213.93.166.66]) by hub.freebsd.org (Postfix) with ESMTP id 52CD037B401 for ; Tue, 24 Jul 2001 22:11:04 -0700 (PDT) (envelope-from fvw@var.cx)
From: Frank v Waveren
To: freebsd-questions@FreeBSD.org
Cc:
Subject: natd forgetful?
Reply-To:
Message-Id: <20010725051104.52CD037B401@hub.freebsd.org>
Date: Tue, 24 Jul 2001 22:11:04 -0700 (PDT)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

I have a problem where natd appears to be losing entries from its table of
forwarded connections... I have the sysctl net.inet.ipf.fr_{udp|tcp}timeout
set to 864000, and yet, once in a while, natd forgets about the previous
traffic altogether, as illustrated by the following tcpdumps (this is icq
traffic (udp) but the same appears to be happening with tcp):

on ed0 (the public interface):
13:30:26.085447 fes-d006.icq.aol.com.4000 > e166066.upc-e.chello.nl.1026: udp 21 (DF)
13:30:50.033977 fes-d006.icq.aol.com.4000 > e166066.upc-e.chello.nl.1026: udp 70 (DF)
13:30:50.038764 e166066.upc-e.chello.nl.1026 > fes-d006.icq.aol.com.4000: udp 28
13:32:03.114457 fes-d006.icq.aol.com.4000 > e166066.upc-e.chello.nl.1026: udp 70 (DF)
13:32:03.116865 e166066.upc-e.chello.nl > fes-d006.icq.aol.com: icmp: e166066.upc-e.chello.nl udp port 1026 unreachable (DF)
13:32:09.117458 fes-d006.icq.aol.com.4000 > e166066.upc-e.chello.nl.1026: udp 70 (DF)
13:32:09.119853 e166066.upc-e.chello.nl > fes-d006.icq.aol.com: icmp: e166066.upc-e.chello.nl udp port 1026 unreachable (DF)

on ed1 (on the local net):
13:30:26.086744 fes-d006.icq.aol.com.4000 > hypnos.1026: udp 21 (DF)
13:30:50.035364 fes-d006.icq.aol.com.4000 > hypnos.1026: udp 70 (DF)
13:30:50.036130 hypnos.1026 > fes-d006.icq.aol.com.4000: udp 28
13:32:25.976894 ...

In these examples, e166066.upc-e.chello.nl is the public ip of the nat box,
hypnos is the host from which the traffic is coming (this host is behind the
nat box).

I'm running 4.3-RELEASE, in case it matters..

Any insight would be appreciated.

-- 
Frank v Waveren                                      Fingerprint: 0EDB 8787
fvw@[var.cx|dse.nl|stack.nl|chello.nl] ICQ#10074100     09B9 6EF5 6425 B855
Public key: http://www.var.cx/pubkey/fvw@var.cx-gpg     7179 3036 E136 B85D

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
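
Added example, not part of the original message: a Python script that reads the ed0 capture quoted above and reports how long the translated UDP flow had been idle when the NAT box first answered it with ICMP port unreachable. The function and constant names are hypothetical; the sample lines are the message's own tcpdump output.

```python
import re
from datetime import datetime

# Lines copied from the ed0 (public interface) capture in the message above.
ED0_CAPTURE = """\
13:30:26.085447 fes-d006.icq.aol.com.4000 > e166066.upc-e.chello.nl.1026: udp 21 (DF)
13:30:50.033977 fes-d006.icq.aol.com.4000 > e166066.upc-e.chello.nl.1026: udp 70 (DF)
13:30:50.038764 e166066.upc-e.chello.nl.1026 > fes-d006.icq.aol.com.4000: udp 28
13:32:03.114457 fes-d006.icq.aol.com.4000 > e166066.upc-e.chello.nl.1026: udp 70 (DF)
13:32:03.116865 e166066.upc-e.chello.nl > fes-d006.icq.aol.com: icmp: e166066.upc-e.chello.nl udp port 1026 unreachable (DF)
13:32:09.117458 fes-d006.icq.aol.com.4000 > e166066.upc-e.chello.nl.1026: udp 70 (DF)
13:32:09.119853 e166066.upc-e.chello.nl > fes-d006.icq.aol.com: icmp: e166066.upc-e.chello.nl udp port 1026 unreachable (DF)
"""

NAT_HOST = "e166066.upc-e.chello.nl"  # public address of the NAT box (from the message)

# tcpdump text format as it appears in the message: "time src.port > dst.port: udp len"
UDP_RE = re.compile(r"^(\S+) (\S+)\.(\d+) > (\S+)\.(\d+): udp \d+")
ICMP_RE = re.compile(r"^(\S+) (\S+) > (\S+): icmp: (\S+) udp port (\d+) unreachable")


def _ts(text):
    return datetime.strptime(text, "%H:%M:%S.%f")


def find_lost_mappings(capture, nat_host=NAT_HOST):
    """Return [(port, last_outbound, first_unreachable, idle_seconds)] per lost mapping."""
    last_out = {}  # NAT-side UDP port -> time the inside host last sent from it
    lost = {}      # NAT-side UDP port -> details of the first rejection
    for line in capture.splitlines():
        m = UDP_RE.match(line)
        if m:
            when, src, sport = m.group(1), m.group(2), int(m.group(3))
            if src == nat_host:            # translated outbound packet
                last_out[sport] = _ts(when)
                lost.pop(sport, None)      # the mapping is live again
            continue
        m = ICMP_RE.match(line)
        if m and m.group(2) == nat_host:   # the NAT box itself rejected the packet
            port, when = int(m.group(5)), _ts(m.group(1))
            if port in last_out and port not in lost:
                idle = round((when - last_out[port]).total_seconds(), 3)
                lost[port] = (last_out[port].time(), when.time(), idle)
    return [(port, *info) for port, info in sorted(lost.items())]


if __name__ == "__main__":
    for port, last, first, idle in find_lost_mappings(ED0_CAPTURE):
        print(f"udp port {port}: last outbound {last}, first unreachable {first}, idle {idle}s")
```

On this capture it reports port 1026 as idle for about 73 seconds, which is the figure to compare against whatever UDP idle timeout the translator in use actually applies.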