Re: [m0n0wall] How to limit max. number of NAT translation (sessions) on m0n0wall to single IP on LAN side

From:	Travis Dixon <travisd at tubas dot net>
To:	Hynek Cihlar <hynek dot cihlar at gmail dot com>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] How to limit max. number of NAT translation (sessions) on m0n0wall to single IP on LAN side
Date:	Tue, 9 Nov 2004 18:15:00 -0500 (EST)

On Wed, 10 Nov 2004, Hynek Cihlar wrote:

> Yes, we've tried the new beta, but with the same problem.
>
> But you are right, there is too many connections from the LAN side.
> When we allow only the basic web services rejecting connections with
> nonstandard destination ports, the problem wanishes, everything is
> fine.
>
> However I don't think that this is the right solution to this. There
> must be a more systematic approach.
>
> Can anyone help with this one?
>

You probably have machines infected with the windows Worm-du-jour. These will
generally cause so many connection that even commercial firewalls get overwhelmed.

You should probably set up a machine with something like ethereal on the LAN side
and look for the offending machines.