Date: Mon, 19 Nov 2007 14:54:40 -0500
From: Ted Wisniewski <ted@ness.plymouth.edu>
To: freebsd-questions@freebsd.org
Cc: Chris Drever <ctdrever@plymouth.edu>
Subject: System Freeze w/ IPNAT
Message-ID: <200711191454.40038.ted@ness.plymouth.edu>
We have a box doing routing and NAT using IPNAT that freezes up after a couple of days. We have swapped out the box with a different model and continue to see the same problem. Symptoms are that the machine no longer passes traffic and the console is unresponsive to any keyboard input (not even ctrl-alt-del).

What we are doing is just NAT'ing a portion of the network traffic (we want to pass certain areas of the network address space unmodified). We are pretty certain that our problem has something to do with ipnat because we are using other BSD boxes as routers without issue.

We have seen a couple of:

bge1: watchdog timeout -- resetting
bge1: link state changed to DOWN
bge1: link state changed to UP

in the log file that were not present on the first machine because it had a different set of network cards... I mention it only for completeness.

Any help that someone can provide would be appreciated. Additional pertinent info is provided below.

Thanks,
Ted

Relevant kernel options:

options IPFILTER #ipfilter support
options IPFILTER_LOG #ipfilter logging
options IPFILTER_LOOKUP #ipfilter pools

Relevant rc.conf settings:

#
# ROUTING
#
router_enable="YES"
router_flags="-s"
gateway_enable="YES"
#
# Network firewall / NAT (IPF)
#
gateway_enable="YES"
ipfilter_enable="YES"
ipfilter_flags="-T ipf_nattable_max=500000 -E"
ipnat_enable="YES"
ipnat_program="/sbin/ipnat"
ipnat_rules="/etc/ipnat.rules"
ipmon_enable="YES"
ipmon_flags="-Ds -N /dev/ipnat -f /dev/ipl -S /dev/ipstate"

Example rule from /etc/ipnat.rules (we have a number of these based on areas of our network)... Each subnet is associated with a different IP on the outgoing side of the NAT.

# map bge0 192.168.100.0/23 -> 192.168.4.64/32 proxy port ftp ftp/tcp
map bge0 192.168.100.0/23 -> 192.168.4.64/32 icmpidmap icmp 60000:65535
map bge0 192.168.100.0/23 -> 192.168.4.64/32 portmap tcp/udp 42000:65535
#

Background info:

FreeBSD 6.2 pl-8
Dell PowerEdge 860, 1 Gig RAM
Dual Broadcom BCM5750 B1, ASIC rev. 0x4101, latest firmware
First interface (bge0): with 11 IPs (1 for host with 10 aliases for NAT) operating at media: Ethernet autoselect (1000baseTX <full-duplex>)
Second interface (bge1): with one IP operating at media: Ethernet autoselect (1000baseTX <full-duplex>)
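Added example (not part of the original post or of IPFilter): a small auditor for an ipnat.rules file in the map syntax shown above. It parses the active map rules, reports which external address a given internal source would be translated to (an empty answer means the address leaves the router unmodified, the behaviour the poster relies on for some ranges), and flags overlapping source networks that map to different external addresses, where the result depends on rule order. The second and third external addresses and the 192.168.100.128/25 subnet in the sample are constructed for the example.

```python
import ipaddress
import re

# Constructed sample ruleset in the ipnat map syntax used in the post.
# The /25 rule and the 192.168.4.66 address are assumptions for the example.
SAMPLE_RULES = """\
# map bge0 192.168.100.0/23 -> 192.168.4.64/32 proxy port ftp ftp/tcp
map bge0 192.168.100.0/23 -> 192.168.4.64/32 icmpidmap icmp 60000:65535
map bge0 192.168.100.0/23 -> 192.168.4.64/32 portmap tcp/udp 42000:65535
map bge0 192.168.100.128/25 -> 192.168.4.66/32 portmap tcp/udp 42000:65535
"""

# map <iface> <src/cidr> -> <dst/cidr> [options...]
RULE_RE = re.compile(r"^map\s+(\S+)\s+(\S+)\s+->\s+(\S+)(?:\s+(.*))?$")


def parse_rules(text):
    """Return (iface, src_net, dst_net, options) for each active map rule.
    Blank and commented-out lines are skipped, as ipnat itself does."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError("unparsed rule: " + line)
        iface, src, dst, opts = m.groups()
        rules.append((iface, ipaddress.ip_network(src, strict=False),
                      ipaddress.ip_network(dst, strict=False), opts or ""))
    return rules


def translation_for(rules, src_ip):
    """External address(es) an internal source could be mapped to.
    An empty list means no map rule covers it: traffic passes unmodified."""
    ip = ipaddress.ip_address(src_ip)
    return sorted({str(dst.network_address) for _, src, dst, _ in rules
                   if ip in src})


def overlapping_targets(rules):
    """Pairs of source networks that overlap yet map to different external
    addresses; which one wins then depends on rule order, so flag them."""
    pairs = sorted({(src, dst) for _, src, dst, _ in rules})
    issues = []
    for i, (s1, d1) in enumerate(pairs):
        for s2, d2 in pairs[i + 1:]:
            if s1.overlaps(s2) and d1 != d2:
                issues.append((str(s1), str(s2)))
    return issues
```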