Date: Thu, 18 Mar 2010 14:10:22 -0400
From: Michael Powell <nightrecon@hotmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: NAT overflow
Message-ID: <hntqas$f73$1@dough.gmane.org>
References: <251163611.20100318153216@sng.by>

Anton wrote:

> Hello everyone,
>
> I'm kind of noob in FreeBSD particularly, and in Unix systems at all
> :-). But, I've already mastered a router on freebsd 7.2, which
> worked fine until I installed their MySQL with huge database.
>
> Now, once a day, I have a problem - users do not have internet on
> their computers, and I could not connect to Microsoft Windows server
> with RDP from outside, but I could login via ssh on router. After
> reboot - everything becomes fine, everything works good and I have
> no problems, until next overflow.
>
[snip]

It is unclear whether or how MySQL is involved with NAT. If it is somehow
being used to store NAT session data it might be a possibility. If such is
the case all recent MySQL versions by default time out an idle connection,
and unless the client detects this and reconnects automatically it is a
problem. You can extend the idle delay window to its maximum by placing

wait_timeout = 31536000

after the other contents of the global section (will have [mysqld] at the
top) of your my.cnf. Even this will eventually drop a connection if idle for
longer than this period, but it is as long as you can configure so you hope
something pings the database before this expires.

As far as the NAT is concerned itself, an overflow can happen from not
enough memory in the pool to contain all the session data for the volume of
traffic you experience through the router. This should result in dropped
connections which then become automatically reestablished very soon after.
It should not necessarily cause all traffic to cease once a day.

The NAT pool and memory resources, as well as session time out values are
tunable. However, it is not clear which NAT and firewall solution you are
using, so it is difficult to provide any insight until we know the solution
we are discussing. I have used all three over the years, but have used pf
long enough now that what I recall from ipfw and ipfilter days is rusty.

Others on this list are more informed than myself as well, so when we know
specifically what NAT you are using and more details of the problem maybe
more help will pop up.

-Mike