ipnat - rdr problem

I'm using ipnat with redirection on FreeBSD 8.1 stable. Details: I would like to redirect all traffic destined to port www to another machine, another FreeBSD box, which already has squid installed and functions as a proxy server.

Here is what I put at the end of /etc/ipnat.rules:

Code:
rdr rl0 0.0.0.0/0 port 80 -> 192.168.1.100 port 7080 tcp

DETAILS:
192.168.1.100 is the other machine (2nd machine) -> the one that has squid installed.
rl0 0.0.0.0/0 resides on the 1st machine, which is intended to redirect http traffic to the 2nd machine.

PROBLEM:
It doesn't always work as intended. SOMETIMES, yes sometimes, ipnat cannot redirect http traffic. A lot of ICMP destination unreachable messages are generated, and I have to flush all the rules and reload ipnat because of that condition. It happens several times a day.

Could you help me point out what seems to be the cause / solution?
 
Could anyone make any suggestions on how to mend this:

Code:
# ipnat -s
mapped  in      2949285 out     2933356
added   227694  expired 116226
no memory       0       bad nat 11888
inuse   458
orphans 0
rules   123
wilds   0
hash efficiency 53.28%
bucket usage    2.44%
minimal length  0
maximal length  2
average length  1.877

Problem: ipnat stops redirecting (several times a day) when the network is busy.
I have changed the values of 4 variables, which relate to ipnat's response time:
Code:
fr_tcphalfclosed  from: 14400 -> to: 7200
fr_tcpidletimeout from: 864000 -> to: 432000
ipf_nattable_sz   multiply it to 10009
ipf_nattable_mx   multiply it to 300109
ipf_natrules_sz   from 127 -> to: 1021
ipf_rdrrules_sz   from 127 -> to: 1021
But the same problem still occurs.

TIA
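The `ipnat -s` counters quoted above ("bad nat" and "inuse") are the quickest way to notice that NAT has stopped redirecting before the ICMP unreachables pile up. The script below is an added example, not code from the original post or from ipfilter: it parses two `ipnat -s` snapshots in the layout shown above and warns when "bad nat" grows between samples or when "inuse" approaches the entry limit (it assumes ipf_nattable_mx is the maximum number of NAT entries; the sample snapshots are constructed).

```shell
# Added example, not from the original post: parse two `ipnat -s` snapshots
# and warn when "bad nat" grows or the NAT table nears its entry limit, so a
# redirect outage is caught before ICMP unreachables pile up. Assumes the
# `ipnat -s` layout shown in the post and treats ipf_nattable_mx as the
# maximum number of NAT entries (an assumption about that sysctl's meaning).

# Pull one counter out of a snapshot file; the labels are our own names
# (mapped_in, mapped_out, added, expired, no_memory, bad_nat, inuse, rules).
nat_counter() {
    awk -v want="$1" '
        $1 == "mapped" && want == "mapped_in"  { print $3 }
        $1 == "mapped" && want == "mapped_out" { print $5 }
        $1 == "added"  && want == "added"      { print $2 }
        $1 == "added"  && want == "expired"    { print $4 }
        $1 == "no"     && want == "no_memory"  { print $3 }
        $1 == "no"     && want == "bad_nat"    { print $6 }
        $1 == "inuse"  && want == "inuse"      { print $2 }
        $1 == "rules"  && want == "rules"      { print $2 }
    ' "$2"
}

# Compare an older and a newer snapshot against the entry limit. Prints WARN
# lines and returns 1 if "bad nat" increased or the table is >= 80% full.
nat_check() {
    old_bad=$(nat_counter bad_nat "$1")
    new_bad=$(nat_counter bad_nat "$2")
    inuse=$(nat_counter inuse "$2")
    limit=$3
    status=0
    if [ "$new_bad" -gt "$old_bad" ]; then
        echo "WARN: bad nat grew by $((new_bad - old_bad)) since last sample"
        status=1
    fi
    pct=$((inuse * 100 / limit))
    if [ "$pct" -ge 80 ]; then
        echo "WARN: NAT table ${pct}% full ($inuse of $limit entries)"
        status=1
    fi
    return $status
}

# Constructed samples: "before" is the post's output, "after" is a made-up
# later reading in which "bad nat" has climbed. On a live box: ipnat -s > file
write_samples() {
    printf 'mapped  in      2949285 out     2933356\nadded   227694  expired 116226\nno memory       0       bad nat 11888\ninuse   458\norphans 0\nrules   123\n' > "$1/before"
    printf 'mapped  in      2961000 out     2944900\nadded   228410  expired 116900\nno memory       0       bad nat 12340\ninuse   470\norphans 0\nrules   123\n' > "$1/after"
}

dir=$(mktemp -d)
write_samples "$dir"
nat_check "$dir/before" "$dir/after" 300109 || echo "redirect health check failed"
```

Run it from cron with the previous snapshot kept on disk; a WARN on "bad nat" is the cue to look at the NAT table before users start seeing failed connections.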
 