I've been chasing an issue for a couple weeks and I think I need some expertise greater than my own divining.
The ipfilter is the 3.0 stock 4.1.8 that has 763 NAT rules and a little over 100 ipf rules. The core of the NAT rules are round-robin mappings to 3 hosts on the inside (cheap load balancing).

After the system runs for a couple of days (3-ish) it seems to go its own direction and starts dropping state across all services. It will log that it's blocking as well, but tcpdump traces show a good 3-way TCP setup, and then ipmon starts logging the session as blocked and things come to a stand-still. I've never seen a log entry that the kernel was out of buffers, but my earlier attempts to remedy this were to set NMBCLUSTERS to 8192, and I have KMEMSTATS enabled.

The system is a 1.4GHz PIII Dell 1650 with 512M, though I've never seen it use more than 70M. The load has yet to hit T1 speeds; the system load maybe peaks at 1% interrupt utilization and the rest of the load is zeros. There are typically over 3000 entries in the state table.

What should I be looking for to figure this out? Thanks,
