From: "Troy Settle"
To: "Evan Tsoukalas"
Subject: RE: NATd load question
Date: Wed, 28 Jun 2000 08:05:14 -0400
In-Reply-To: <20000623120131.B14899@sourcee.com>

Evan,

I have ~230 systems behind an AMD K6-2/350 w/64MB. It's also the mail server for all those people, and does some light web serving. Uptime on this box is 455 days (since I put it into service), and has been 100% maintenance free (except for adding/deleting users).

At another site, I deployed a 486/66 w/32MB to do NAT for about 50 workstations. It was also 100% reliable for the 3 months it was in service. The customer hired their own IT person with Linux experience. They replaced my NAT solution with a Linux box, and haven't been up for more than 3 days at a time since.

Here's my IPFW rules:

00100 divert 8668 ip from any to any via ed1
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
65535 allow ip from any to any

I don't know if they're optimal, but they seem to work well enough.

HTH,

--
Troy Settle
Network Analyst
Picus Communications
540.633.6327

** -----Original Message-----
** From: owner-freebsd-questions@FreeBSD.ORG
** [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of
** Evan Tsoukalas
** Sent: Friday, June 23, 2000 12:02 PM
** To: freebsd-questions@freebsd.org
** Subject: NATd load question
**
**
** Hello,
**
** I've been running natd on a -CURRENT FreeBSD box for several
** months now to share my cable modem between the four computers on
** my home network. It's been a rather painless experience, and even
** during fairly heavy server loads (make buildworld's), there isn't
** any real noticeable degradation in performance.
**
** I now need to look into a large scale natd implementation for
** work (250+ computers), so I went to the archives to see if
** someone had posted about a natd implementation of that size.
** After browsing through a lot of posts, I noticed that the question
** has come up several times, but I couldn't, for the life of me, find
** an answer.
**
** So, has anyone used natd for a 200+ computer network? If so,
** what did your hardware config look like? Any tips?
**
** Also, during my search, I saw a post in early April stating that
** the standard ipfw config for natd
**
** ipfw -q flush
** ipfw add 100 divert natd ip from any to any via $natd_interface
** ipfw add 200 allow ip from any to any
**
** places a lot of load on the server by sending local packets that
** don't need translation to the daemon anyway. Does anyone have
** any suggestions on how to do this better?
**
** Any help would be greatly appreciated.
**
** --
** Regards,
**
** Evan Tsoukalas
** Systems Administrator
** Source Electronics Corporation
** evan@sourcee.com
**
**
** To Unsubscribe: send mail to majordomo@FreeBSD.org
** with "unsubscribe freebsd-questions" in the body of the message
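
Added example (not part of either message, and not ipfw's own code): a small first-match model of the rules posted above, showing which passes through the firewall reach the natd divert socket. The inside interface ed0, all addresses, the sample traffic and the no-via contrast ruleset are assumptions constructed for illustration; divert re-injection, protocols and ports are not modelled.

```python
import ipaddress

# Rules as listed in the reply above (two rules share number 00100).
POSTED = ["00100 divert 8668 ip from any to any via ed1",
          "00100 allow ip from any to any via lo0",
          "00200 deny ip from any to 127.0.0.0/8",
          "65535 allow ip from any to any"]
# Constructed contrast: the same divert with no interface restriction.
NO_VIA = ["00100 divert 8668 ip from any to any",
          "65535 allow ip from any to any"]

# Constructed traffic: one entry per pass through the firewall.
# Assumed: ed0 is the inside interface, 192.168.1.1 the box's LAN address.
TRAFFIC = {
    "lan-to-box-mail": {"iface": "ed0", "dst": "192.168.1.1"},
    "loopback":        {"iface": "lo0", "dst": "127.0.0.1"},
    "lan-to-inet-in":  {"iface": "ed0", "dst": "198.51.100.7"},
    "lan-to-inet-out": {"iface": "ed1", "dst": "198.51.100.7"},
    "inet-reply-in":   {"iface": "ed1", "dst": "203.0.113.5"},
    "box-own-out":     {"iface": "ed1", "dst": "198.51.100.25"},
}

def parse(line):
    """Parse 'NUM ACTION [PORT] ip from any to DST [via IF]'."""
    tok = line.split()
    via = tok[tok.index("via") + 1] if "via" in tok else None
    return {"num": int(tok[0]), "action": tok[1],
            "dst": tok[tok.index("to") + 1], "via": via}

def matches(rule, pkt):
    # 'via IF' is checked against the interface used on this pass.
    if rule["via"] and rule["via"] != pkt["iface"]:
        return False
    if rule["dst"] == "any":
        return True
    return ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule["dst"])

def first_match(ruleset, pkt):
    """Action of the first matching rule; equal numbers keep listed order."""
    for rule in sorted(map(parse, ruleset), key=lambda r: r["num"]):
        if matches(rule, pkt):
            return rule["action"]
    return "deny"  # assumed default when nothing matches

def sent_to_natd(ruleset, traffic=TRAFFIC):
    """Names of the passes that the ruleset hands to the divert socket."""
    return [n for n, p in traffic.items() if first_match(ruleset, p) == "divert"]

if __name__ == "__main__":
    print("posted rules  :", sent_to_natd(POSTED))
    print("divert, no via:", sent_to_natd(NO_VIA))
```

With the posted rules only the three passes on ed1 are diverted, which includes the box's own outbound traffic; with no via restriction all six passes are.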