Re: IPNat Stops routing

This is a discussion on Re: IPNat Stops routing within the IPFilter forums, part of the System Security and Security Related category; Ryan Beasley wrote: > Unlike the state table, there's no compiled limit on the > size of the NAT ...


Go Back   Usenet Forums > System Security and Security Related > IPFilter

Reload this Page Re: IPNat Stops routing

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 07-02-2003
Jim Sandoz
 
Posts: n/a
Default Re: IPNat Stops routing

Ryan Beasley wrote:
> Unlike the state table, there's no compiled limit on the
> size of the NAT table. You're limited only by the amount
> of memory available to the kernel.

eh?

(ronin)$ pwd
/ronin/home0/jds/tools/ipf/ip_fil3.4.31
(ronin)$ grep NAT_TABLE_SZ *
ip_nat.c:u_int ipf_nattable_sz = NAT_TABLE_SZ;
ip_nat.h:#ifndef NAT_TABLE_SZ
ip_nat.h:# define NAT_TABLE_SZ 127
ip_nat.h:#undef NAT_TABLE_SZ
ip_nat.h:#define NAT_TABLE_SZ 16383

note:
NAT_TABLE_SZ = 16383 only when LARGE_NAT is defined; otherwise,
NAT_TABLE_SZ = 127, which generally isn't enough.

i'd say change NAT_TABLE_SZ and recompile. ps, under solaris
you can change this parameter (and others) at boot time via
/etc/system. for more info see my entry here:
http://www.phildev.net/ipf/IPFsolaris.html#10

there may be a similar way to do this under *bsd, ioctl perhaps?

jim



Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 05:39 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0