Security Incidents mailing list archives

RE: FreeBSD NATd problems


From: Etienne Joubert <etienne () citec net>
Date: Tue, 14 Aug 2001 08:56:15 +0200

We have experienced the same effects with Cisco 1600 routers servicing NAT.
But with this one, some internal hosts were infected with the Code Red worm
(one server had a static route to a public IP). This caused the NAT
translation tables to skyrocket and eventually the router would just freeze
and needed a manual power cycle. I got packet loss/latency and interrupted
services without much actual line utilization.

Just wondering if anyone else has experienced the following problem:

I have a number of networks running with FreeBSD firewalls providing a
NAT service to a number of hosts behind the wall itself. Both outgoing NAT
and port redirection are provided. This has been running stably for over a
year. However, in the last 10 days I have had a number of these natd
processes suddenly bloat (looking at 48 MB upwards when they normally sit
at around 700 KB to 1 MB). Ping times to the firewalls (in fact, any packets
passing through the natd process) are delayed; it seems to suffer a type of
exponential decay, with the highest delay I have recorded being in the order
of 240 seconds!
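Both posts describe the same failure mode from the defender's side: a worm scanning outward from inside the NAT creates one translation per probed destination, so a single infected host can inflate the translation table until the NAT device (a Cisco router or a FreeBSD natd process) runs out of memory or crawls. The check below is an added example written for this archive page, not code from either poster or from natd; it assumes a hypothetical translation-table dump format of the form "proto inside_ip:port -> outside_ip:port", and the sample table it analyses is constructed here. It flags inside hosts whose fan-out (number of distinct destinations) is far above what a workstation produces, and reports the destination port that dominates their translations, which is the signal an operator would want before the table grows to the sizes quoted above.

```python
import re
from collections import Counter, defaultdict

# Hypothetical dump format assumed for this example (not a real natd or IOS format):
#   "<proto> <inside_ip>:<port> -> <outside_ip>:<port>"
ENTRY_RE = re.compile(
    r"^(?P<proto>tcp|udp)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def constructed_sample():
    """Constructed translation table: two ordinary inside hosts with a few
    sessions, plus one infected host sweeping TCP/80 across 200 distinct
    addresses, the pattern that bloats a NAT table."""
    lines = [
        "tcp 192.168.1.20:3001 -> 198.51.100.7:80",
        "tcp 192.168.1.20:3002 -> 198.51.100.7:443",
        "udp 192.168.1.20:3003 -> 198.51.100.53:53",
        "tcp 192.168.1.21:5000 -> 203.0.113.9:25",
        "this line is not a translation entry and is skipped",
    ]
    lines += [
        f"tcp 192.168.1.10:{40000 + i} -> 203.0.113.{i + 1}:80" for i in range(200)
    ]
    return "\n".join(lines)


def parse_translations(text):
    """Parse the dump into (proto, inside_ip, outside_ip, outside_port) tuples,
    silently skipping lines that do not match the entry format."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m is None:
            continue
        entries.append((m["proto"], m["src"], m["dst"], int(m["dport"])))
    return entries


def destinations_per_source(entries):
    """Map each inside host to the set of distinct (proto, dst, dport) it reaches."""
    fanout = defaultdict(set)
    for proto, src, dst, dport in entries:
        fanout[src].add((proto, dst, dport))
    return fanout


def find_scanners(entries, max_distinct_destinations=50):
    """Return {inside_ip: distinct-destination count} for hosts whose fan-out
    exceeds the threshold. Legitimate clients reuse a few destinations; a
    scanning worm touches a new one per probe."""
    fanout = destinations_per_source(entries)
    return {
        src: len(dests)
        for src, dests in fanout.items()
        if len(dests) > max_distinct_destinations
    }


def dominant_port(entries, src):
    """Destination port carrying most of one host's translations, or None."""
    ports = Counter(dport for _, s, _, dport in entries if s == src)
    return ports.most_common(1)[0][0] if ports else None


def table_growth_ratio(entries, baseline_entries):
    """Current table size relative to a previously recorded quiet-hour baseline."""
    return len(entries) / baseline_entries if baseline_entries else float("inf")


if __name__ == "__main__":
    table = parse_translations(constructed_sample())
    print(f"{len(table)} translations, growth x{table_growth_ratio(table, 10):.1f} over baseline")
    for host, count in find_scanners(table).items():
        print(f"{host}: {count} distinct destinations, mostly port {dominant_port(table, host)}")
```

The fan-out threshold and the baseline are the two knobs an operator tunes from their own quiet-hour tables; the point of counting distinct destinations rather than raw entries is that a busy but legitimate server also creates many translations, while only a scanner spreads them across hundreds of addresses.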

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

