To: freebsd-questions@freebsd.org
From: Michael Powell
Date: Thu, 18 Mar 2010 14:10:22 -0400
Subject: Re: NAT overflow

Anton wrote:
>
> Hello everyone,
>
> I'm kind of noob in FreeBSD particularly, and in Unix systems at all
> :-). But, I've already mastered a router on freebsd 7.2, which
> worked fine until I installed their MySQL with huge database.
>
> Now, once a day, I have a problem - users do not have internet on
> their computers, and I could not connect to Microsoft Windows server
> with RDP from outside, but I could login via ssh on router. After
> reboot - everything becomes fine, everything works good and I have
> no problems, until next overflow.
>
[snip]

It is unclear whether or how MySQL is involved with NAT. If it is somehow
being used to store NAT session data it might be a possibility. If such is
the case all recent MySQL versions by default time out an idle connection,
and unless the client detects this and reconnects automatically it is a
problem. You can extend the idle delay window to its maximum by placing

    wait_timeout = 31536000

after the other contents of the global section (will have [mysqld] at the
top) of your my.cnf. Even this will eventually drop a connection if idle for
longer than this period, but it is as long as you can configure so you hope
something pings the database before this expires.

As far as the NAT is concerned itself, an overflow can happen from not
enough memory in the pool to contain all the session data for the volume of
traffic you experience through the router. This should result in dropped
connections which then become automatically reestablished very soon after.
It should not necessarily cause all traffic to cease once a day.

The NAT pool and memory resources, as well as session time out values are
tunable. However, it is not clear which NAT and firewall solution you are
using, so it is difficult to provide any insight until we know the solution
we are discussing. I have used all three over the years, but have used pf
long enough now that what I recall from ipfw and ipfilter days is rusty.
Others on this list are more informed than myself as well, so when we know
specifically what NAT you are using and more details of the problem maybe
more help will pop up.

-Mike
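Added example, not part of the original message: a Python helper that places wait_timeout as the last entry of the [mysqld] section of a my.cnf, as the reply describes. It removes an existing setting first, including the equivalent dashed spelling wait-timeout, and creates the section if it is missing. The function name and the sample file contents are constructed for illustration.

```python
import re

# Constructed sample my.cnf; the paths and values are illustrative only.
SAMPLE_MY_CNF = """\
[client]
port = 3306

[mysqld]
datadir = /var/db/mysql
wait-timeout = 600

[mysqldump]
quick
"""

SECTION_RE = re.compile(r"^\s*\[([^\]]+)\]\s*$")


def _norm(name):
    # MySQL treats dashes and underscores in option names as equivalent.
    return name.strip().lower().replace("-", "_")


def set_mysqld_option(text, key, value, section="mysqld"):
    """Return option-file text with 'key = value' as the last entry of [section]."""
    out, current, last_in_section = [], None, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip().lower()
        elif current == section and not line.lstrip().startswith(("#", ";")):
            if _norm(line.split("=", 1)[0]) == _norm(key):
                continue  # drop the old setting so only one value remains
        out.append(line)
        if current == section and line.strip():
            last_in_section = len(out)  # just past the last non-blank line
    new_line = f"{key} = {value}"
    if last_in_section is None:  # no such section yet: create it at the end
        out += ["", f"[{section}]", new_line]
    else:
        out.insert(last_in_section, new_line)
    return "\n".join(out).lstrip("\n") + "\n"


if __name__ == "__main__":
    print(set_mysqld_option(SAMPLE_MY_CNF, "wait_timeout", 31536000), end="")
```

mysqld reads the option file at startup, so the new value applies after the server is restarted.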