On Mon, 13 Aug 2001, Barry Irwin wrote:
> Hi All
>
> Just wondering if anyone else has experienced the following problem:
>
> I have a number of networks running with FreeBSD firewalls providing a
> NAT service to a number of hosts behind the wall itself. Both outgoing
> NAT and port redirection are provided. This has been running stably
> for over a year. However, in the last 10 days I have had a number of
> these natd processes suddenly bloat (looking at 48 Megs upwards when
> they normally sit at around 700K-1 Meg). Ping times to the firewalls
> (in fact any packets passing through the natd process) are delayed; it
> seems to suffer a type of exponential decay, with the highest delay I
> have recorded being in the order of 240 seconds!
>
> At this kind of latency, network connectivity is nonexistent. One of
> the first signs of an impending slowdown is that DNS starts timing
> out. The firewalls are running pretty standard martian filters (see
> draft-manning-dsua-03.txt) to filter out the majority of the cruft
> floating around.
>
> This has so far impacted 4.0-RELEASE, 4.1-RELEASE as well as
> 4.3-STABLE. Reviews of tcpdumps collected once slowdown has been
> noticed do not show any signs of strange activity. What I am
> wondering is, is there some new scanning/DoS tool which is causing
> natd to get its data structures in a knot, and thereby grow massively,
> in addition to the slowdown?
Turn on natd logging when this occurs and see what is
happening. Submit log if necessary.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on Routing in a Free World...
"FreeBSD: The Power to Serve!"
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
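One way to act on Nick's advice without sitting at the console waiting for the next bloat: a small watchdog, run from cron, that measures natd's RSS and the round-trip time through the box, and when either crosses a limit saves the process listing, mbuf statistics and a short packet capture before restarting natd with its -l (log to /var/log/alias.log) option. This is an added example, not code from the thread or from FreeBSD. The limits, the config path /etc/natd.conf, the outside interface fxp0, the probe host 192.0.2.1 and the diagnostics directory are assumptions; -l and -f are documented natd(8) options. The two parsing functions are written to be testable on canned ps(1) and ping(8) output.

```shell
#!/bin/sh
# Watchdog for the natd bloat/latency failure described in the thread.
# Added example, not from the thread or from FreeBSD.
# Assumptions: ps(1) accepts "-axo rss,command", tcpdump and killall are
# installed, natd is started from a config file (NATD_CONF, hypothetical
# default /etc/natd.conf) and the ipfw divert rule survives a natd
# restart. All thresholds are arbitrary.

RSS_LIMIT_KB=${RSS_LIMIT_KB:-16384}       # natd normally sits near 1 MB
RTT_LIMIT_MS=${RTT_LIMIT_MS:-1000}        # a second of RTT is already a failure
DIAG_DIR=${DIAG_DIR:-/var/tmp/natd-diag}  # assumed
NATD_CONF=${NATD_CONF:-/etc/natd.conf}    # assumed
OUT_IF=${OUT_IF:-fxp0}                    # assumed outside interface
PROBE_HOST=${PROBE_HOST:-192.0.2.1}       # assumed host on the far side of natd

# Largest RSS (KB) of any natd process, read from "ps -axo rss,command"
# on stdin. Prints 0 when no natd is running (the header line adds 0).
max_natd_rss() {
    awk 'BEGIN { max = 0 }
         $2 ~ /(^|\/)natd$/ && $1 + 0 > max { max = $1 + 0 }
         END { print max }'
}

# Average RTT (ms) from a ping(8) summary on stdin: "round-trip
# min/avg/max/..." on FreeBSD, "rtt min/avg/max/..." on Linux.
# Prints -1 when no summary line exists, i.e. every probe was lost.
ping_avg_ms() {
    awk 'BEGIN { avg = -1 }
         /^(round-trip|rtt) / { split($4, f, "/"); avg = f[2] }
         END { print avg }'
}

# True when $1 is above $2; fractional values are truncated first so
# test(1) can compare them as integers.
above_limit() {
    [ "${1%%.*}" -gt "$2" ]
}

# Save the evidence Nick asks for before natd is touched: process
# state, mbuf usage (netstat -m) and a sample of outside traffic.
collect_diagnostics() {
    dir="$DIAG_DIR/$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$dir"
    ps -axo pid,rss,vsz,lstart,command > "$dir/ps.txt"
    netstat -m > "$dir/netstat-m.txt" 2>&1 || true
    tcpdump -n -i "$OUT_IF" -c 2000 -w "$dir/outside.pcap" 2>/dev/null &
    sleep 20
    kill $! 2>/dev/null || true
    echo "$dir"
}

# Restart natd with -l so /var/log/alias.log records its aliasing
# statistics. Existing translations are lost, so only do this after
# the diagnostics are on disk.
restart_natd_logging() {
    killall natd 2>/dev/null || true
    sleep 1
    natd -l -f "$NATD_CONF"
}

watchdog_once() {
    rss=$(ps -axo rss,command | max_natd_rss)
    rtt=$(ping -c 3 -q "$PROBE_HOST" 2>/dev/null | ping_avg_ms)
    if above_limit "$rss" "$RSS_LIMIT_KB" || above_limit "$rtt" "$RTT_LIMIT_MS"; then
        echo "natd rss=${rss}KB rtt=${rtt}ms: collecting diagnostics" >&2
        collect_diagnostics
        restart_natd_logging
    fi
}

# "sh natd-watch.sh run" from cron(8) does one check; sourcing the file
# only defines the functions.
if [ "${1:-}" = run ]; then
    watchdog_once
fi
```

The RTT probe is the earlier warning of the two: Barry notes that DNS timeouts precede the visible slowdown, and a ping through natd degrades well before the process reaches 48 MB, so a low RTT_LIMIT_MS catches the event while the capture still shows normal-looking traffic for comparison.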