Hi,
I'd like to understand how aging of NAT entries works. I'm currently
struggling with my NAT table filling up and never expiring any entries.
I'm using only two rules:
map en0 10.10.0.0/16 -> a.b.c.d/32 age 2
rdr en0 a.b.c.d port 80 -> 10.10.20.4 port 80
One machine on the private net does *a lot* of DNS queries and fills up
the NAT table pretty quickly with entries like:
MAP 10.10.10.3 51019 <- -> a.b.c.d 51019 [e.f.g.h 53]
No entry ever expires, as far as I can tell from 'ipnat -s', so when 30000
lines have been added, no new connections are handled, neither by
the MAP nor by the RDR statement. I have to manually flush the table
('ipnat -F') first to make things work again.
I'm using a build of IPFilter v4.1.13, compiled with default options,
running on AIX 5.3TL05.
Any ideas welcome.
Thanks,
Christian
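As an added illustration (not part of Christian's post), here is a small parser for the MAP lines in the format quoted above, which tallies entries per internal host and destination port so one can see which host is filling the table and how close it is to the limit. The sample lines are constructed, reusing the post's placeholder addresses; the RDR line is only there to show that non-MAP lines are skipped.

```python
import re
from collections import Counter

# Matches MAP lines in the form quoted in the post:
# MAP <int_ip> <int_port> <- -> <ext_ip> <ext_port> [<dst_ip> <dst_port>]
MAP_RE = re.compile(
    r"^MAP\s+(\S+)\s+(\d+)\s+<-\s+->\s+(\S+)\s+(\d+)\s+\[(\S+)\s+(\d+)\]"
)

def parse_map_line(line):
    """Return a dict for one MAP entry, or None if the line is not one."""
    m = MAP_RE.match(line.strip())
    if not m:
        return None
    src, sport, ext, eport, dst, dport = m.groups()
    return {"src": src, "sport": int(sport), "ext": ext,
            "eport": int(eport), "dst": dst, "dport": int(dport)}

def top_talkers(lines, by=("src", "dport")):
    """Count MAP entries per (internal host, destination port)."""
    counts = Counter()
    for line in lines:
        entry = parse_map_line(line)
        if entry:
            counts[tuple(entry[k] for k in by)] += 1
    return counts

def table_fill(lines, limit=30000):
    """Fraction of the NAT table in use, given the entry limit
    (30000 is the figure observed in the post)."""
    used = sum(1 for line in lines if parse_map_line(line))
    return used / limit

# Constructed sample of 'ipnat -l' style output (placeholder addresses)
SAMPLE = """\
MAP 10.10.10.3 51019 <- -> a.b.c.d 51019 [e.f.g.h 53]
MAP 10.10.10.3 51020 <- -> a.b.c.d 51020 [e.f.g.h 53]
MAP 10.10.10.3 51021 <- -> a.b.c.d 51021 [e.f.g.h 53]
MAP 10.10.20.7 40001 <- -> a.b.c.d 40001 [i.j.k.l 443]
RDR a.b.c.d 80 <- -> 10.10.20.4 80 [10.10.10.9 33000]
""".splitlines()

if __name__ == "__main__":
    for (src, dport), n in top_talkers(SAMPLE).most_common():
        print(f"{src:16} dport {dport:5} {n} entries")
    print(f"table fill: {table_fill(SAMPLE):.2%}")
```

On a live box the same functions can be fed the output of `ipnat -l` read from a pipe.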