From owner-freebsd-questions@FreeBSD.ORG  Mon Nov 10 14:02:24 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 61A0916A4D0
	for <freebsd-questions@freebsd.org>;
	Mon, 10 Nov 2003 14:02:24 -0800 (PST)
Received: from franklin-belle.com (adsl-65-68-247-73.dsl.crchtx.swbell.net
	[65.68.247.73])	by mx1.FreeBSD.org (Postfix) with ESMTP id 5A9D443FDF
	for <freebsd-questions@freebsd.org>;
	Mon, 10 Nov 2003 14:02:23 -0800 (PST)
	(envelope-from jacks@sage-american.com)
Received: from sagea (sagea.sage-american [10.0.0.3])
	by franklin-belle.com (8.12.8p2/8.12.8) with SMTP id hAAM20CP018369;
	Mon, 10 Nov 2003 16:02:00 -0600 (CST)
	(envelope-from jacks@sage-american.com)
Message-Id: <3.0.5.32.20031110160157.0142b020@10.0.0.15>
X-Sender: jacks@10.0.0.15
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Mon, 10 Nov 2003 16:01:57 -0600
To: Daniela <dgw@liwest.at>, freebsd-questions@freebsd.org
From: "Jack L. Stone" <jacks@sage-american.com>
In-Reply-To: <200311102242.09544.dgw@liwest.at>
References: <3.0.5.32.20031110151819.01431468@10.0.0.15>
 <3.0.5.32.20031110151819.01431468@10.0.0.15>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Status: No, hits=0.0 required=4.5 tests=none autolearn=ham 
	version=2.60-fbelle.rules_v1
X-Spam-Checker-Version: SpamAssassin 2.60-fbelle.rules_v1 
	(1.212-2003-09-23-exp) on franklin-belle.com
Subject: Re: Help! Runaway NATD
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Nov 2003 22:02:24 -0000

At 10:42 PM 11.10.2003 +0000, Daniela wrote:
>On Monday 10 November 2003 21:18, Jack L. Stone wrote:
>> FreeBSD 4.8-RELEASE-p13 - GW/router/NAT/FW/Caching DNS - Bind-8.3x +
>> IPFW(8)
>>
>> Have just setup the above to route mainly for a LAN (in place of hardware
>> router), but natd runs non-stop as per TOP(1) and keeps eating up the CPU
>> until it crashes. Takes about 1/2 hour to eat up the resources and requires
>> a reboot -- then the problem just starts over again.
>
>Have you tried to attach to the process with gdb(1) or truss(1)?
>Also please show us what `ps ax` says about natd.
>Can you get a core dump?
>
>Good luck!
>Daniela
>
Thanks for the quick reply. No, haven't had chance to redo the kernel for
gdb, etc. But, here's some more info from the "ps -ax" and log. The tcp
start out very small and keep growing in big leaps as below -- this is just
before running out of CPU....


>From "/var/log/alias.log"
icmp=0, udp=8, tcp=33830, pptp=0, proto=0, frag_id=0 frag_ptr=0 / tot=33838
 (sock=0)
icmp=0, udp=8, tcp=33831, pptp=0, proto=0, frag_id=0 frag_ptr=0 / tot=33839
 (sock=0)
...a FEW minutes later:
icmp=2, udp=9, tcp=41608, pptp=0, proto=0, frag_id=0 frag_ptr=0 / tot=41619
 (sock=0)
icmp=2, udp=9, tcp=41609, pptp=0, proto=0, frag_id=0 frag_ptr=0 / tot=41620
 (sock=0)

PID  TT  STAT      TIME COMMAND
    0  ??  DLs    0:00.00  (swapper)
    1  ??  ILs    0:00.01 /sbin/init --
    2  ??  DL     0:00.00  (pagedaemon)
    3  ??  DL     0:00.00  (vmdaemon)
    4  ??  DL     0:00.01  (bufdaemon)
    5  ??  DL     0:00.21  (syncer)
    6  ??  DL     0:00.01  (vnlru)
   23  ??  Is     0:00.00 adjkerntz -i
  116  ??  Rs     6:53.75 /sbin/natd -f /etc/natd.conf -n rl0
  133  ??  Ss     0:00.07 /usr/sbin/syslogd -s
  136  ??  Is     0:00.13 /usr/sbin/named -u bind -g bind
  139  ??  Ss     0:00.10 ntpd -p /var/run/ntpd.pid
  142  ??  Is     0:00.01 timed -F earth.netwood.net
  148  ??  Is     0:00.00 /usr/sbin/inetd -wW
  150  ??  Is     0:00.02 /usr/sbin/cron
  152  ??  Is     0:00.62 /usr/sbin/sshd
  213  ??  Ss     0:00.41 /usr/local/sbin/httpd
  218  ??  I      0:00.00 /usr/local/sbin/httpd
  219  ??  I      0:00.00 /usr/local/sbin/httpd
  220  ??  I      0:00.00 /usr/local/sbin/httpd
  221  ??  I      0:00.00 /usr/local/sbin/httpd
  222  ??  I      0:00.00 /usr/local/sbin/httpd
  223  ??  Is     0:00.00 /usr/local/sbin/dhcpd
  254  ??  S      0:00.10 /usr/local/libexec/mysqld --basedir=/usr/local
--datadir=/var/db/mysql --user=mysql --pid-file=/va
  264  ??  Is     0:00.04 /usr/local/libexec/postfix/master
  265  ??  I      0:00.02 pickup -l -t fifo -u
  266  ??  I      0:00.26 qmgr -l -t fifo -u
  267  ??  I      0:00.07 sshd: kuni [priv] (sshd)
  269  ??  I      0:00.04 sshd: kuni@ttyp0 (sshd)
  281  ??  I      0:00.07 sshd: jacks [priv] (sshd)
  283  ??  S      0:04.24 sshd: jacks@ttyp1 (sshd)
  270  p0  Is     0:00.04 -csh (csh)
  273  p0  I+     0:00.05 _su (csh)
  284  p1  Is     0:00.04 -tcsh (tcsh)
  290  p1  S      0:00.07 _su (csh)
  387  p1  R+     0:00.00 ps ax
  231  v0  Is+    0:00.01 /usr/libexec/getty Pc ttyv0
  232  v1  Is+    0:00.01 /usr/libexec/getty Pc ttyv1
  233  v2  Is+    0:00.01 /usr/libexec/getty Pc ttyv2
  234  v3  Is+    0:00.01 /usr/libexec/getty Pc ttyv3
  235  v4  Is+    0:00.01 /usr/libexec/getty Pc ttyv4
  236  v5  Is+    0:00.01 /usr/libexec/getty Pc ttyv5
  237  v6  Is+    0:00.01 /usr/libexec/getty Pc ttyv6
  238  v7  Is+    0:00.01 /usr/libexec/getty Pc ttyv7
  227 con- I      0:00.02 /bin/sh /usr/local/bin/safe_mysqld --user=mysql
--datadir=/var/db/mysql --pid-file=/var/db/mysql/e

Best regards,
Jack L. Stone,
Administrator

Sage American
http://www.sage-american.com
jacks@sage-american.com