Lots of tcp in alias.log

Andreas Pettersson andpet at telia.com
Tue Nov 20 12:47:21 PST 2007


Hi all.

I have a problem with natd, I think. I'm using FreeBSD 6.2 as a 
router/proxy at home.
Sometimes (weeks apart) I've noticed that it's quite impossible to surf. 
Connections time out. A continuous ping from the router to an outside 
address reveals a packet loss of more than 50%. After some time it 
starts working again.

When it happened again this weekend I took a peek into /var/log/alias.log:
icmp=2, udp=169, tcp=26806, pptp=0, proto=0, frag_id=0 frag_ptr=0 / tot=26979  (sock=0)

When I restarted natd the tcp value went back to "normal" (cruising 
around 150-200) and surfing worked fine. Right now I have a value of 
24171 but everything seems to work fine so far. A tcpdump on the 
external interface reveals no unusual traffic and everything low volume.

# netstat | grep -c tcp4
14

1. Does anyone know what might make the tcp value climb through the 
roof? I only have 2 machines on my internal network.

2. If there is some kind of tcp connection flood initiating from an 
inside machine, shouldn't the tcp aliases get purged after some time?

Since there aren't any timestamps in alias.log it is difficult to search 
for clues. I had a quick look at alias_db.c but I'm no C programmer. A 
more detailed log of created aliases (src ip, port etc) would be helpful.

Thanks for any help.

-- 
Andreas
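
Added example, not part of the original post and not natd/libalias code: a small parser for the alias.log statistics record quoted above that stamps each sample with a time supplied by the caller and flags runaway tcp link counts. It assumes the record is sampled periodically (for example from cron); the function names, the factor of 10 and the first sample record are constructed for illustration.

```python
import re
from datetime import datetime

# Field names exactly as they appear in the alias.log record quoted in the post.
FIELDS = ("icmp", "udp", "tcp", "pptp", "proto", "frag_id", "frag_ptr", "tot", "sock")
STAT_RE = re.compile(r"\b(" + "|".join(FIELDS) + r")=(\d+)")


def parse_alias_stats(text):
    """Parse one statistics record; tolerates a record wrapped over two lines."""
    found = {name: int(value) for name, value in STAT_RE.findall(text)}
    missing = [f for f in FIELDS if f not in found]
    if missing:
        # A truncated record must not be read as zero counts.
        raise ValueError("incomplete record, missing: " + ", ".join(missing))
    return found


def analyze(samples, normal_tcp_max=200, factor=10):
    """samples: iterable of (datetime, record_text), oldest first.

    normal_tcp_max=200 is the poster's "normal" ceiling; factor=10 is an
    assumed margin before a sample counts as abnormal.
    """
    rows, prev = [], None
    for when, text in samples:
        tcp = parse_alias_stats(text)["tcp"]
        rows.append({
            "time": when.isoformat(),            # the timestamp alias.log lacks
            "tcp": tcp,
            "delta": None if prev is None else tcp - prev,
            "alert": tcp > normal_tcp_max * factor,
        })
        prev = tcp
    return rows


# Constructed input: sampling times are invented; the second record is the one
# from the post (kept wrapped), the first is a made-up "normal" record.
SAMPLES = [
    (datetime(2007, 11, 17, 10, 0),
     "icmp=1, udp=40, tcp=180, pptp=0, proto=0, frag_id=0 frag_ptr=0 / tot=221  (sock=0)"),
    (datetime(2007, 11, 17, 22, 0),
     "icmp=2, udp=169, tcp=26806, pptp=0, proto=0, frag_id=0 frag_ptr=0 / \ntot=26979  (sock=0)"),
]

if __name__ == "__main__":
    for row in analyze(SAMPLES):
        print(row)
```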



