From owner-freebsd-net  Wed Nov 13 12:11:31 2002
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4A2AE37B401
	for <freebsd-net@freebsd.org>; Wed, 13 Nov 2002 12:11:30 -0800 (PST)
Received: from laptop.tenebras.com (laptop.tenebras.com [66.92.188.18])
	by mx1.FreeBSD.org (Postfix) with SMTP id 8B79B43E42
	for <freebsd-net@freebsd.org>; Wed, 13 Nov 2002 12:11:29 -0800 (PST)
	(envelope-from kudzu@tenebras.com)
Received: (qmail 2798 invoked from network); 13 Nov 2002 20:11:28 -0000
Received: from sapphire.tenebras.com (HELO tenebras.com) (192.168.188.241)
  by 0 with SMTP; 13 Nov 2002 20:11:28 -0000
Message-ID: <3DD2B1EF.4020603@tenebras.com>
Date: Wed, 13 Nov 2002 12:11:27 -0800
From: Michael Sierchio <kudzu@tenebras.com>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.1) Gecko/20020826
X-Accept-Language: en-us, en, fr-fr, ru
MIME-Version: 1.0
To: freebsd-net@freebsd.org
Subject: natd woes with 4.7-RELEASE-p2
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org


I am running 4.7 on a firewall, with an extremely simple nat
setup -- not all packets are passed through nat, as some services
such as ntp and dnswall are handled on the firewall -- but
for those packets that are nat'd, there are only static (redirect_address)
rules.

What happens is that, over time, natd starts to use more cycles and
memory, even without any network traffic through the box.  When the
latency to outside increases by about 4x, I kill and restart natd,
and all works fine.  This isn't ideal, however.

Any suggestions?  contents of my natd config follow.

# rc.natd
#
# external interface
interface sis0
#
use_sockets
same_ports
unregistered_only
#
redirect_address 192.168.188.18  66.92.188.18
redirect_address 192.168.188.165 66.92.188.165
redirect_address 192.168.188.175 66.92.188.175
redirect_address 192.168.188.241 66.92.188.241


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message