NATD and available ports

Barney Wolff barney at databus.com
Mon Jan 12 10:18:55 PST 2004


On Mon, Jan 12, 2004 at 05:45:39PM +0200, Andriy Korud wrote:
> Hi.
> I need to run nat box for ~2000 clients with up to 300.000 active connections.
> ipnat doesn't handle such load, so I'm going to try natd - but worry that natd
> will simply use all available outgoing ports and then crash.
> I have 128 public IP's and in ipnat's configuration just map smaller blocks of
> private IP's into certain public IP, but have no idea how can I do this using
> natd.

You can run multiple copies of natd, each one on its own divert socket.
ipfw rules can decide which internal machines & which external addresses
go to which divert socket.

Performance may well be an issue, depending on bandwidth.  Perhaps one
NAT box per 100 client boxes would not be overkill - is adding 1% to
the h/w budget unreasonable?

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
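One way to lay out the multi-natd setup described above, as an added example that is not from this thread or from FreeBSD's own documentation: a sh script that emits one natd invocation and one pair of ipfw divert rules per private /24 block, each block pinned to its own public address and divert port. The interface name, the 10.0.N.0/24 and 203.0.113.N addresses, and the port and rule numbering are constructed assumptions.

```shell
#!/bin/sh
# Added example: split NAT clients across several natd instances.
# Block N of private clients (10.0.N.0/24, constructed) is aliased to public
# address 203.0.113.N (constructed, TEST-NET-3) by its own natd on divert port
# BASE_PORT+N. ipfw sends that block's outbound traffic, and inbound traffic
# for that public address, to the matching divert socket.
EXT_IF="fxp0"          # assumed external interface name
BASE_PORT=8668         # natd's default divert port; instance N uses BASE_PORT+N
BASE_RULE=1000         # ipfw rule numbers start here, two per block

# natd invocation for one block: -a fixes the alias address, -p the divert port.
natd_cmd() {
    printf 'natd -a %s -p %s\n' "$1" "$2"
}

# ipfw rules for one block: outbound from the private net and inbound to the
# public address both go to the same divert port, so one natd owns that state
# and the per-instance port pool is shared only by that block's clients.
divert_rules() {
    rule=$1; port=$2; priv=$3; pub=$4
    printf 'ipfw add %s divert %s ip from %s to any out via %s\n' \
        "$rule" "$port" "$priv" "$EXT_IF"
    printf 'ipfw add %s divert %s ip from any to %s in via %s\n' \
        "$((rule + 1))" "$port" "$pub" "$EXT_IF"
}

# Emit the natd command and ipfw rules for blocks 1..$1.
emit_all() {
    n=1
    while [ "$n" -le "$1" ]; do
        port=$((BASE_PORT + n))
        natd_cmd "203.0.113.$n" "$port"
        divert_rules "$((BASE_RULE + 2 * n))" "$port" "10.0.$n.0/24" "203.0.113.$n"
        n=$((n + 1))
    done
}

# Usage: sh nat-split.sh 3   (review the output, then run it on the NAT box)
if [ -n "${1:-}" ]; then emit_all "$1"; fi
```

The script only prints the commands, so the generated rule set can be checked against the interface name and address plan before anything is loaded into the running firewall.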
