in-kernel nat and stateful inspection hangs system 7.1 RELEASE
Özkan KIRIK
ozkan at mersin.edu.tr
Mon Feb 16 01:31:02 PST 2009
Hi,
I am using FreeBSD 7.1 RELEASE as a gateway (about 2000 clients, 90 VLANs via
if_vlan).
My server is an HP DL380 G4. I am using the on-board gigabit NIC as the WAN
interface, which uses the bge driver.
My rule set is below:
wan_intf="bge1"
ipfw nat 100 config ip X.X.X.1 reset same_ports
ipfw nat 101 config ip X.X.X.2 reset same_ports
ipfw nat 102 config ip X.X.X.3 reset same_ports
...
...
ipfw add 5 allow all from any to any layer2
ipfw add 50 check-state
...
... Other port forwarding and static nat rules without keep-state
...
ipfw add 50000 nat 100 all from 10.1.0.0/16 to any via $wan_intf
ipfw add 50000 skipto 51000 all from X.X.X.1 to any setup keep-state via $wan_intf
ipfw add 50000 nat 101 all from 10.1.0.0/16 to any via $wan_intf
ipfw add 50000 skipto 51000 all from X.X.X.2 to any setup keep-state via $wan_intf
ipfw add 50000 nat 102 all from 10.1.0.0/16 to any via $wan_intf
ipfw add 50000 skipto 51000 all from X.X.X.3 to any setup keep-state via $wan_intf
...
...
ipfw add 51000 nat 100 all from any to X.X.X.1 via $wan_intf
ipfw add 51000 nat 101 all from any to X.X.X.2 via $wan_intf
ipfw add 51000 nat 102 all from any to X.X.X.3 via $wan_intf
...
...
About 2 minutes after applying this rule set, the system writes "bge1
watchdog timeout --- resetting" and then hangs; the keyboard doesn't
respond. No logs can be observed.
When I remove all skipto and check-state rules, the system works properly without
problems. I suspect the stateful inspection code.
Some sysctl variables are below:
net.inet.ip.fw.dyn_max=32768
net.inet.ip.fw.dyn_ack_lifetime=100
net.inet.ip.fw.dyn_short_lifetime=10
net.inet.ip.fw.one_pass=0
net.inet.ip.dummynet.hash_size=256
kern.maxfiles=32000
kern.ipc.somaxconn=1024
net.inet.ip.process_options=0
net.inet.ip.fastforwarding=1
net.link.ether.ipfw=1
Thanks for your interest.
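As an added example (not part of the original post), the following Python script performs the static checks a practitioner would want to run over a rule list of the shape shown above before loading it: it reproduces the order in which ipfw walks the rules (ascending rule number, and insertion order for rules that share a number), verifies that each skipto target is ahead of the rule that uses it, and verifies that an explicit check-state precedes the first keep-state rule. The embedded rule list is a constructed copy of the post's rules with $wan_intf substituted by bge1 and the X.X.X.n placeholders kept as placeholders; the check-state finding text, the finding format and the function names are this example's own choices.

```python
"""Static checks on an ipfw(8) rule list of the shape shown in the post.

Added example; the rules below are a constructed copy of the post's list
(X.X.X.n are placeholders, $wan_intf replaced by bge1), not a live ruleset.
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass
class Rule:
    number: int   # ipfw rule number
    action: str   # allow, check-state, nat, skipto, ...
    body: str     # everything after the action
    seq: int      # insertion order; rules with equal numbers run in this order


SAMPLE_RULES = """
ipfw add 5 allow all from any to any layer2
ipfw add 50 check-state
ipfw add 50000 nat 100 all from 10.1.0.0/16 to any via bge1
ipfw add 50000 skipto 51000 all from X.X.X.1 to any setup keep-state via bge1
ipfw add 50000 nat 101 all from 10.1.0.0/16 to any via bge1
ipfw add 50000 skipto 51000 all from X.X.X.2 to any setup keep-state via bge1
ipfw add 50000 nat 102 all from 10.1.0.0/16 to any via bge1
ipfw add 50000 skipto 51000 all from X.X.X.3 to any setup keep-state via bge1
ipfw add 51000 nat 100 all from any to X.X.X.1 via bge1
ipfw add 51000 nat 101 all from any to X.X.X.2 via bge1
ipfw add 51000 nat 102 all from any to X.X.X.3 via bge1
"""

RULE_RE = re.compile(r"^ipfw\s+add\s+(\d+)\s+(\S+)\s*(.*)$")


def parse_rules(text):
    """Parse 'ipfw add N action ...' lines; other lines are ignored."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append(Rule(int(m.group(1)), m.group(2), m.group(3), len(rules)))
    return rules


def processing_order(rules):
    """ipfw walks rules by ascending number; equal numbers keep insertion order."""
    return sorted(rules, key=lambda r: (r.number, r.seq))


def lint(rules):
    """Return a list of human-readable findings about rule ordering."""
    findings = []
    order = processing_order(rules)
    numbers = {r.number for r in rules}

    # skipto only skips forward: the target must be above the current number.
    for r in order:
        if r.action == "skipto":
            target = int(r.body.split()[0])
            if target <= r.number:
                findings.append(
                    f"rule {r.number}: skipto target {target} is not ahead of the rule")
            elif target not in numbers:
                findings.append(
                    f"rule {r.number}: no rule numbered {target}; evaluation "
                    f"resumes at the next higher rule")

    # The dynamic ruleset is consulted at the first check-state or keep-state
    # reached; an explicit check-state ahead of the keep-state rules makes
    # that point visible instead of implicit.
    first_keep = next((i for i, r in enumerate(order) if "keep-state" in r.body), None)
    first_check = next((i for i, r in enumerate(order) if r.action == "check-state"), None)
    if first_keep is not None and (first_check is None or first_check > first_keep):
        findings.append("no explicit check-state before the first keep-state rule; "
                        "the dynamic ruleset is first consulted at that keep-state rule")

    # Rules sharing a number are legal but their relative order is the order
    # in which they were added, which matters when nat and skipto interleave.
    for n, c in sorted(Counter(r.number for r in rules).items()):
        if c > 1:
            findings.append(f"{c} rules share number {n}; their relative order "
                            f"is the order they were added")
    return findings


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    for rule in processing_order(parsed):
        print(rule.number, rule.action, rule.body)
    for finding in lint(parsed):
        print("finding:", finding)
```

Run as a script it prints the walk order followed by the findings; on the post's list the only findings are informational, namely that six rules share number 50000 and three share 51000, so the interleaving of the nat and skipto rules depends entirely on the order the lines were added.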
More information about the freebsd-ipfw
mailing list