[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    3.1.5 NAT vs Solaris 2. Still having problems.
From:       Neil Readwin <nreadwin () nysales ! micrognosis ! com>
Date:       1997-01-14 23:08:49
[Download RAW message or body]

A couple of very minor problems with NAT in 3.1.5 under Solaris 2.5.1.

The age goes down by 4 per second, instead of 2 (which is what the comments
suggest it should do). This makes the default timeout 300 seconds.

I have a program that sends a UDP packet every 300 seconds and ipnat tells me
2 NAT entries are in use (the second one is of interest here) ...

        map le1 199.94.142.0/24  -> 207.51.56.128/26  
        [lots of other map lines]
	199.94.142.22 2564 <- -> 207.51.56.140 2564 862796 2 b24a [0.0.0.0 0]
	199.94.142.45 56504 <- -> 207.51.56.144 56504 1162 2 b237 [0.0.0.0 0]
and
	mapped  in      193     out     237
	added   18      expired 0
	inuse   18

Later I find

	199.94.142.22 2564 <- -> 207.51.56.140 2564 863722 2 b24a [0.0.0.0 0]
	199.94.142.45 56504 <- -> 207.51.56.148 56504 986 2 b23b [0.0.0.0 0]
and
	mapped  in      225     out     269
	added   22      expired 0
	inuse   22

Note that 199.94.142.45,56504 is now mapped to a different address, so it
seems to me that the entry expired and a new one was allocated, but the
stats disagree. Or am I misunderstanding the stats?

I have a much bigger problem where this internal address starts showing
up on the outside (I can see it using snoop on the external net). It is
as though NAT just shuts itself down. More details follow when I can
find a pattern to when this occurs :-) Neil.

 We just don't discuss that capability.  I can't tell you why we don't
 discuss it because then I'd be discussing it. -- Pete Williams


[prev in list] [next in list] [prev in thread] [next in thread]