This is a discussion on Re: ipnat stops working under heavy traffic within the IPFilter forums, part of the System Security and Security Related category.
If I block all inbound traffic on port 53 and if DNS packets reach such a firewall rule, it means that the NAT rule is not working, doesn't it? I'll be losing packets I want to be received by my program.

And about ipstats -s, I have been reading online documentation and I haven't seen any description of those values. I guess the meaning, but I'd like to get a description. Is there any place to get it?

Could this problem be related to the state and NAT table sizes? (I use default values.)

regards
Alvaro

Darren Reed wrote:
> In some email I received from Alvaro Armenteros, sie wrote:
>
>> Hi,
>> I have installed ipfilter on a Solaris 8 box with a DNS server
>> installed too. I just want to redirect all DNS queries on standard port 53
>> to another port (54). There is a small program listening on this port
>> which at this moment only redirects queries to port 53 again, to the DNS
>> server.
>> The machine has 3 interfaces and my ipnat.conf defines a rule for each
>> interface in this way:
>>
>> rdr <interface> A.B.C.D/32 port 53 -> A.B.C.D port 54 udp
>>
>> Testing in a closed environment it works perfectly, and doing some
>> tests with nslookup, packets are received on port 54 and forwarded to the DNS
>> server.
>>
>> But in a real environment, with heavy DNS traffic, I have realized that
>> some traffic is reaching the DNS server directly, not from the dummy
>> program on port 54.
>
> Ok, couple of things to do.
>
> First, if you do not want traffic to reach the DNS server directly,
> block all inbound packets to port 53. This will take effect after
> the NAT (rdr) rule so your program will still receive data.
>
> Next, check "ipnat -s" to see if "no memory" or "bad nat" are non-0.
>
> Darren
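Darren's two suggestions, the inbound block on port 53 that only bites after the rdr has run and the "no memory" / "bad nat" counters from ipnat -s, put together as an added shell example. This is not code from the thread or from the IPFilter project. The interface name hme0 and the address 192.0.2.10 are placeholders for the poster's <interface> and A.B.C.D, the sample ipnat -s output is constructed (not captured from any host) in the tab-separated layout of the IPFilter 3.x ipnat -s report as I remember it, and the live-check branch at the bottom assumes ipnat is on the PATH of the box it runs on.

```shell
#!/bin/sh
# Added example, not code from the original thread. Placeholders (assumptions):
#   hme0        stands in for the poster's <interface>
#   192.0.2.10  stands in for the poster's A.B.C.D (the DNS host's own address)

# --- 1. the rules ---------------------------------------------------------
# On the inbound path IPFilter runs NAT (rdr) before the filter rules. A query
# the rdr rewrote therefore reaches ipf with destination port 54 and is passed;
# a query the rdr did NOT rewrite still carries port 53 and is dropped instead
# of slipping straight through to the name server.
emit_ipnat_conf() {
    cat <<'EOF'
rdr hme0 192.0.2.10/32 port 53 -> 192.0.2.10 port 54 udp
EOF
}

emit_ipf_conf() {
    cat <<'EOF'
pass in quick on hme0 proto udp from any to 192.0.2.10 port = 54
block in quick on hme0 proto udp from any to 192.0.2.10 port = 53
EOF
}

# --- 2. the counters ------------------------------------------------------
# Read `ipnat -s` output on stdin and pull out the two counters Darren asks
# about. Prints "no_memory=N bad_nat=M". Exit status: 0 when both are zero,
# 1 when either is non-zero (the NAT code is failing to create or apply
# translations, so some queries bypass the rdr), 2 when the line is absent
# (an ipnat version whose report looks different; nothing is printed then).
# Field splitting on blanks/tabs works for both the tab and space layouts.
nat_failures() {
    awk '
        $1 == "no" && $2 == "memory" {
            nm = $3 + 0
            if ($4 == "bad" && $5 == "nat") bn = $6 + 0
            found = 1
        }
        END {
            if (!found) exit 2
            printf "no_memory=%d bad_nat=%d\n", nm, bn
            if (nm > 0 || bn > 0) exit 1
            exit 0
        }'
}

# Constructed samples of `ipnat -s` output (assumed IPFilter 3.x layout);
# not captured from the poster's machine.
sample_stats_ok() {
    printf 'mapped\tin\t48213\tout\t48210\n'
    printf 'added\t3017\texpired\t2968\n'
    printf 'no memory\t0\tbad nat\t0\n'
    printf 'inuse\t49\nrules\t3\nwilds\t0\n'
}

sample_stats_bad() {
    printf 'mapped\tin\t48213\tout\t48210\n'
    printf 'added\t3017\texpired\t2968\n'
    printf 'no memory\t0\tbad nat\t17\n'
    printf 'inuse\t49\nrules\t3\nwilds\t0\n'
}

# Live usage on the Solaris box:  sh this_script.sh live
# Exit status 1 means the NAT table is losing translations under load.
if [ "${1:-}" = "live" ]; then
    ipnat -s | nat_failures
fi
```

The explicit `pass in quick` for port 54 is there so the redirected queries are accepted whatever rules follow; with `quick` the first matching rule decides, so order the pass before the block. A non-zero "bad nat" or "no memory" is the signature of exactly the symptom in the thread: packets that the rdr never rewrote and that, without the block rule, land on port 53.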