|
||||||||||||
|
|
|
|
 |
||||||||
 |
Re: Dynamic NAT table filling up |
 |
|
 |
11-27-2008, 02:05 PM
|
#11 |
|
Guest
Status:
Posts: n/a
|
Re: Dynamic NAT table filling up
"Massimo Rosen" <mrosenno@spamcfc-it.de> wrote in message news:492ECAC1.18817D88@spamcfc-it.de... > Hi, > > Jim Burghart wrote: >> So I >> went from bx2.lan version 3.41 to version 3.70. > > Revert that change immediately. BX2.LAN 3.70 is completely broken. > >> HP claims it is for NW65SP7. > > HP is full of it, they know this version is crap for months, and do > nothing about it. If you find a version 4.41 at HP.COM, forget that one > too, it's even worse. > > CU, > -- > Massimo Rosen > Novell Product Support Forum Sysop > No emails please! > http://www.cfc-it.de |
|
 |
 |
 |
|
Re: Dynamic NAT table filling up |
|
|
|
|
11-29-2008, 08:51 AM
|
#12 |
|
Guest
Status:
Posts: n/a
|
Re: Dynamic NAT table filling up
I am not sure I still have the issue, we have had almost no traffic since it
was a holiday weekend. I did find another reference to this type of NAT issue posted back on 10/05/2006. Sounds very similar to my issue. (Sleepy NAT). Does anyone know if Wayne Gamradt actually resolved this? If so how? I also noticed on this sever that TCP/IP takes a long time to initialize at startup. So long, it causes timesync to fail? Once the server is loaded, I can reload timesync.nlm and it works fine. Has anyone experienced this? Thanks, Jim "Jim Burghart" <pumpkinj@nycap.rr.com> wrote in message news:HonXk.3308$wo4.762@kovat.provo.novell.com... >I have a strange issue with a Bordermanager server. It is 3.9SP1 on a NW >6.5sp7 server. After the server has been running it stops passing traffic >to the Internet. I checked the NAT table and it has 5000 entries (the max I >believe) The entries are old, so it looks like it is not refreshing the >table. > > If I disable NAT on the public interafce, then enable it things start > moving again. > > Any ideas? > > Thanks, > > Jim > |
|
|
|
|
|
|
Re: Dynamic NAT table filling up |
|
|
|
|
11-29-2008, 02:55 PM
|
#13 |
|
Guest
Status:
Posts: n/a
|
Re: Dynamic NAT table filling up
In article <NVaYk.3785$wo4.2744@kovat.provo.novell.com>, Jim Burghart wrote:
> I did find another reference to this type of NAT issue posted back on > 10/05/2006. Sounds very similar to my issue. (Sleepy NAT). Does anyone know > if Wayne Gamradt actually resolved this? If so how? > All instances of 'sleepy nat' that I (vaguely) remember were solved a long time ago. I've not heard or seen such a NAT issue in years. > I also noticed on this sever that TCP/IP takes a long time to initialize at > startup. So long, it causes timesync to fail? Once the server is loaded, I > can reload timesync.nlm and it works fine. Has anyone experienced this? > That's just normal behavior for a BM server - frustrating, but basically just an annoyance in almost every case. I've seen a few servers where timesync had issues at that point, but simply unloading and reloading timesync (in autoexec.ncf) fixed them. Craig Johnson Novell Support Connection SysOp *** For a current patch list, tips, handy files and books on BorderManager, go to http://www.craigjconsulting.com *** |
|
|
|
|
|
|
Re: Dynamic NAT table filling up |
|
|
|
|
11-29-2008, 08:07 PM
|
#14 |
|
Guest
Status:
Posts: n/a
|
Re: Dynamic NAT table filling up
Thanks Craig,
I added the commands to the autoexec.ncf to unload then load timesync.nom , and it works fine now. I will need to check on the NAT table on Monday when we have a full load of people. I have a copy of the NAT table that filled up to 5000 causing a stop in traffic. I will go through and check the machines that have a lot of connections, some had 200 or more connections in the table. Thanks again for the help! Jim "Craig Johnson" <craigsj@ix.netcom.com> wrote in message news:VA.00004127.17779028@ix.netcom.com... > In article <NVaYk.3785$wo4.2744@kovat.provo.novell.com>, Jim Burghart > wrote: >> I did find another reference to this type of NAT issue posted back on >> 10/05/2006. Sounds very similar to my issue. (Sleepy NAT). Does anyone >> know >> if Wayne Gamradt actually resolved this? If so how? >> > All instances of 'sleepy nat' that I (vaguely) remember were solved a long > time ago. I've not heard or seen such a NAT issue in years. > >> I also noticed on this sever that TCP/IP takes a long time to initialize >> at >> startup. So long, it causes timesync to fail? Once the server is loaded, >> I >> can reload timesync.nlm and it works fine. Has anyone experienced this? >> > That's just normal behavior for a BM server - frustrating, but basically > just > an annoyance in almost every case. I've seen a few servers where timesync > had > issues at that point, but simply unloading and reloading timesync (in > autoexec.ncf) fixed them. > > Craig Johnson > Novell Support Connection SysOp > *** For a current patch list, tips, handy files and books on > BorderManager, go to http://www.craigjconsulting.com *** > > |
|
|
|
|
|
|
Re: Dynamic NAT table filling up |
|
|
|
|
11-29-2008, 09:54 PM
|
#15 |
|
Guest
Status:
Posts: n/a
|
Re: Dynamic NAT table filling up
In article <GOkYk.3881$wo4.367@kovat.provo.novell.com>, Jim Burghart
wrote: > I will go through and check the machines that have a lot of > connections, some had 200 or more connections in the table. > Are they not going through proxy? Craig Johnson Novell Support Connection SysOp *** For a current patch list, tips, handy files and books on BorderManager, go to http://www.craigjconsulting.com *** |
|
|
|
|
|
|
Re: Dynamic NAT table filling up |
|
|
|
|
11-30-2008, 12:08 PM
|
#16 |
|
Guest
Status:
Posts: n/a
|
Re: Dynamic NAT table filling up
Not the BorderManager proxy. Some of our users go direct, and some use a
stand alone proxy. Politically I can't get away with being very restrictive. So a larger number of users go direct. "Craig Johnson" <craigsj@ix.netcom.com> wrote in message news:VA.00004128.18f76071@ix.netcom.com... > In article <GOkYk.3881$wo4.367@kovat.provo.novell.com>, Jim Burghart > wrote: >> I will go through and check the machines that have a lot of >> connections, some had 200 or more connections in the table. >> > Are they not going through proxy? > > Craig Johnson > Novell Support Connection SysOp > *** For a current patch list, tips, handy files and books on > BorderManager, go to http://www.craigjconsulting.com *** > > |
|
|
|
|
|
|
Re: Dynamic NAT table filling up |
|
|
|
|
12-01-2008, 10:36 AM
|
#17 |
|
Guest
Status:
Posts: n/a
|
Re: Dynamic NAT table filling up
Ok, back to a normal day, and I am still seeing the NAT table filling.
I went to a "clean" computer and opened a connection to a site http://www.aquariumwaterfilters.com This is one in my NAT table that has a large number of connections to it from a client. I connected to the site, and by just connecting to the home page it created 62 connections in the NAT table from my IP address. These connections are not clearing, even after I shut down the computer. I was hoping I would find a client issue that explain this, but I don't think that is the case now. Thanks, Jim "Jim Burghart" <pumpkinj@nycap.rr.com> wrote in message news:cUyYk.3922$wo4.3452@kovat.provo.novell.com... > Not the BorderManager proxy. Some of our users go direct, and some use a > stand alone proxy. > > Politically I can't get away with being very restrictive. So a larger > number of users go direct. > > "Craig Johnson" <craigsj@ix.netcom.com> wrote in message > news:VA.00004128.18f76071@ix.netcom.com... >> In article <GOkYk.3881$wo4.367@kovat.provo.novell.com>, Jim Burghart >> wrote: >>> I will go through and check the machines that have a lot of >>> connections, some had 200 or more connections in the table. >>> >> Are they not going through proxy? >> >> Craig Johnson >> Novell Support Connection SysOp >> *** For a current patch list, tips, handy files and books on >> BorderManager, go to http://www.craigjconsulting.com *** >> >> > > |
|
|
|
|
|
|
Re: Dynamic NAT table filling up |
|
|
|
|
12-01-2008, 10:38 AM
|
#18 |
|
Guest
Status:
Posts: n/a
|
Re: Dynamic NAT table filling up
Here is a copy from the NAT table log showing the connections to the Aqua
filters site. Jim "Jim Burghart" <jburghar@nysutmail.org> wrote in message news:9ESYk.4083$wo4.2223@kovat.provo.novell.com... > Ok, back to a normal day, and I am still seeing the NAT table filling. > > I went to a "clean" computer and opened a connection to a site > http://www.aquariumwaterfilters.com This is one in my NAT table that has > a > large number of connections to it from a client. > > I connected to the site, and by just connecting to the home page it > created > 62 connections in the NAT table from my IP address. These connections are > not clearing, even after I shut down the computer. > > I was hoping I would find a client issue that explain this, but I don't > think that is the case now. > > Thanks, > > Jim > > > "Jim Burghart" <pumpkinj@nycap.rr.com> wrote in message > news:cUyYk.3922$wo4.3452@kovat.provo.novell.com... >> Not the BorderManager proxy. Some of our users go direct, and some use a >> stand alone proxy. >> >> Politically I can't get away with being very restrictive. So a larger >> number of users go direct. >> >> "Craig Johnson" <craigsj@ix.netcom.com> wrote in message >> news:VA.00004128.18f76071@ix.netcom.com... >>> In article <GOkYk.3881$wo4.367@kovat.provo.novell.com>, Jim Burghart >>> wrote: >>>> I will go through and check the machines that have a lot of >>>> connections, some had 200 or more connections in the table. >>>> >>> Are they not going through proxy? >>> >>> Craig Johnson >>> Novell Support Connection SysOp >>> *** For a current patch list, tips, handy files and books on >>> BorderManager, go to http://www.craigjconsulting.com *** >>> >>> >> >> > > |
|
|
|
|
|
|
Re: Dynamic NAT table filling up |
|
|
|
|
12-03-2008, 05:58 AM
|
#19 |
|
Guest
Status:
Posts: n/a
|
Re: Dynamic NAT table filling up
Jim Burghart wrote:
> Here is a copy from the NAT table log showing the connections to the Aqua > filters site. > > Jim load monitor!h , server parameters, communication, nat tcp connection timeout, by default 8 hours. Change it to 2. |
|
|
|
|
|
|
Re: Dynamic NAT table filling up |
|
|
|
|
12-04-2008, 07:21 PM
|
#20 |
|
Guest
Status:
Posts: n/a
|
Re: Dynamic NAT table filling up
So the plot thickens, I think. This is not a BorderManager problem from what
I can tell. It seems to be a Windows XP/Windows firewall/IE problem. I am just posting this as a follow-up so everyone knows the full story. I have isolated the behavior now. If I use IE 6 or 7 with the windows firewall (Ver 1.5) enabled, I get a ton of open close tcp traffic when requesting some web pages, but not all.. The connections open and close because the firewall drops packets, but the connections stay in the NAT table until the connection time out is reached. I now have it set for 1 hour, thanks Mysterious! I am seeing the opening and closing in the windows firewall log along with a bunch of dropped packets. If I disable the Windows firewall the problem goes away completely. I can also use Firefox, with or without the windows firewall on and it works fine so the issue is only with IE. I captured traffic to and from the server during a problem request using both conditions, and saw no real difference between with the firewall enabled, or not at the server. The packets are being dropped at the client. I can repeat this using both our BM servers one running 3.9 SP1 on NW 6.5sp7, and the other running 3.7 on NW65SP6, and using multiple Windows XP machines. It is only effecting certain sites, and is always corrected by disabling the windows firewall. Here is an extract from the Windows firewall log showing for dropped packets, and open/close activity from the web site 66.103.230.30. www.aquariumwaterfilters.com. -12-02 11:45:25 CLOSE TCP 10.1.0.242 66.103.230.30 4972 80 - - - - - - - - - 2008-12-02 11:45:25 OPEN TCP 10.1.0.242 66.103.230.30 4973 80 - - - - - - - - - 2008-12-02 11:45:25 CLOSE TCP 10.1.0.242 66.103.230.30 4973 80 - - - - - - - - - 2008-12-02 11:45:25 OPEN TCP 10.1.0.242 66.103.230.30 4974 80 - - - - - - - - - 2008-12-02 11:45:25 CLOSE TCP 10.1.0.242 66.103.230.30 4974 80 - - - - - - - - - 2008-12-02 11:45:25 OPEN TCP 10.1.0.242 66.103.230.30 4975 80 - - - - - - - - - 2008-12-02 11:45:25 CLOSE TCP 10.1.0.242 66.103.230.30 4975 80 - - - - - - - - - 2008-12-02 11:45:25 OPEN TCP 10.1.0.242 66.103.230.30 4976 80 - - - - - - - - - 2008-12-02 11:45:25 CLOSE TCP 10.1.0.242 66.103.230.30 4976 80 - - - - - - - - - 2008-12-02 11:45:25 OPEN TCP 10.1.0.242 66.103.230.30 4977 80 - - - - - - - - - 2008-12-02 11:45:25 CLOSE TCP 10.1.0.242 66.103.230.30 4977 80 - - - - - - - - - 2008-12-02 11:45:25 CLOSE TCP 10.1.0.242 66.103.230.30 4970 80 - - - - - - - - - 2008-12-02 11:45:25 OPEN TCP 10.1.0.242 66.103.230.30 4978 80 - - - - - - - - - 2008-12-02 11:45:25 OPEN TCP 10.1.0.242 66.103.230.30 4979 80 - - - - - - - - - 2008-12-02 11:45:25 CLOSE TCP 10.1.0.242 66.103.230.30 4978 80 - - - - - - - - - 2008-12-02 11:45:25 OPEN TCP 10.1.0.242 66.103.230.30 4980 80 - - - - - - - - - 2008-12-02 11:45:25 CLOSE TCP 10.1.0.242 66.103.230.30 4979 80 - - - - - - - - - 2008-12-02 11:28:03 DROP TCP 66.103.230.30 10.1.0.242 80 4290 48 SA 2315198760 2359628516 5840 - - - RECEIVE 2008-12-02 11:28:03 DROP TCP 66.103.230.30 10.1.0.242 80 4291 48 SA 2305186690 3243992885 5840 - - - RECEIVE 2008-12-02 11:28:03 DROP TCP 66.103.230.30 10.1.0.242 80 4292 48 SA 2304886328 703770454 5840 - - - RECEIVE 2008-12-02 11:28:03 DROP TCP 66.103.230.30 10.1.0.242 80 4293 48 SA 2309407895 4066596432 5840 - - - RECEIVE 2008-12-02 11:28:03 DROP TCP 66.103.230.30 10.1.0.242 80 4294 48 SA 2305199731 800921536 5840 - - - RECEIVE 2008-12-02 11:28:03 DROP TCP 66.103.230.30 10.1.0.242 80 4295 48 SA 2309455607 1972462813 5840 - - - RECEIVE 2008-12-02 11:28:03 DROP TCP 66.103.230.30 10.1.0.242 80 4296 48 SA 2308523674 3789496453 5840 - - - RECEIVE 2008-12-02 11:28:03 DROP TCP 66.103.230.30 10.1.0.242 80 4297 48 SA 2310517848 2091849474 5840 - - - RECEIVE 2008-12-02 11:28:03 DROP TCP 66.103.230.30 10.1.0.242 80 4298 48 SA 2317522088 3012446622 5840 - - - RECEIVE In this case a lingering NAT entry was created for each drop packet. Here is what ends up in the NATLOG file. These connections will stay until the time out is reached. A total of 81 connections where made with this attempt. 2. 10.1.0.242 | 1808 | 55428 | 66.103.230.30 | 80| 10| 101 3. 10.1.0.242 | 1800 | 55420 | 66.103.230.30 | 80| 10| 154 4. 10.1.0.242 | 1799 | 55419 | 66.103.230.30 | 80| 10| 154 5. 10.1.0.242 | 1798 | 55418 | 66.103.230.30 | 80| 10| 154 6. 10.1.0.242 | 1797 | 55417 | 66.103.230.30 | 80| 10| 155 7. 10.1.0.242 | 1796 | 55416 | 66.103.230.30 | 80| 10| 155 8. 10.1.0.242 | 1795 | 55415 | 66.103.230.30 | 80| 10| 155 9. 10.1.0.242 | 1794 | 55414 | 66.103.230.30 | 80| 10| 155 10. 10.1.0.242 | 1793 | 55413 | 66.103.230.30 | 80| 10| 155 A number of our XP machines are doing this, and that is what was filling the NAT table. I have virus scanned, and checked them for spy etc, and found nothing abnormal. I will post what ever results I can find. Thanks again for the help. Jim "Jim Burghart" <pumpkinj@nycap.rr.com> wrote in message news:HonXk.3308$wo4.762@kovat.provo.novell.com... >I have a strange issue with a Bordermanager server. It is 3.9SP1 on a NW >6.5sp7 server. After the server has been running it stops passing traffic >to the Internet. I checked the NAT table and it has 5000 entries (the max I >believe) The entries are old, so it looks like it is not refreshing the >table. > > If I disable NAT on the public interafce, then enable it things start > moving again. > > Any ideas? > > Thanks, > > Jim > |
|
|
|
|
|
«
Previous Thread
|
Next Thread
»
| Thread Tools | Search this Thread |
| Display Modes | |
Linear Mode
|
|
|||
|
|
Powered by: vBulletin Version 3.0.7
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
© 2003-2004 All Rights Reserved GroupBrowser LLC.
