Lots of tcp in alias.log
andpet at telia.com
Tue Nov 20 12:47:21 PST 2007
I have a problem with natd, I think. I'm using FreeBSD 6.2 as a
router/proxy at home.
Sometimes (weeks apart) I've noticed that it's quite impossible to surf.
Connections timeout. A continuous ping from the router to an outside
address reveals a packet loss of more than 50%. After some time it
starts working again.
When it happened again this weekend I took a peek into /var/log/alias.log:
icmp=2, udp=169, tcp=26806, pptp=0, proto=0, frag_id=0 frag_ptr=0 /
When I restarted natd the tcp value went back at "normal" (cruising
around 150-200) and surfing worked fine. Right now I have a value of
24171 but everything seems to work fine so far. A tcpdump on the
external interface reveals no unusual traffic and everything low volume.
# netstat | grep -c tcp4
1. Does anyone know what might make the tcp value climb through the
roof? I only have 2 machines on my internal network.
2. If there are some kind of tcp connection flood initiating from an
inside machine, shouldn't the tcp aliases get purged after some time?
Since there aren't any timestamps in alias.log it is difficult to search
for clues. I had a quick look at alias_db.c but I'm no C programmer.. A
more detailed log of created aliases (src ip, port etc) would be helpful.
Thanks for any help.
More information about the freebsd-stable