Date:      Wed, 28 Jun 2000 11:08:03 -0400
From:      Nathan Vidican <webmaster@wmptl.com>
To:        Evan Tsoukalas <evan@sourcee.com>
Cc:        questions@freebsd.org
Subject:   Re: NATd load question
Message-ID:  <395A14D3.384BBAD3@wmptl.com>
References:  <20000623120131.B14899@sourcee.com>

Evan Tsoukalas wrote:
> 
> Hello,
> 
> I've been running natd on a -CURRENT FreeBSD box for several
> months now to share my cable modem between the four computers on
> my home network.  It's been a rather painless experience, and even
> during fairly heavy server loads (make buildworld's), there isn't
> any real noticeable degradation in performance.
> 
> I now need to look into a large scale natd implementation for
> work (250+ computers), so I went to the archives to see if
> someone had posted about a natd implementation of that size.
> After browsing through a lot of posts, I noticed that the question
> has come up several times, but I couldn't, for the life of me, find
> an answer.
> 
> So, has anyone used natd for a 200+ computer network?  If so,
> what did your hardware config look like?  Any tips?
> 
> Also, during my search, I saw a post in early April stating that
> the standard ipfw config for natd
> 
>     ipfw -q flush
>     ipfw add 100 divert natd ip from any to any via $natd_interface
>     ipfw add 200 allow ip from any to any
> 
> places a lot of load on the server by sending local packets that
> don't need translation to the daemon anyway.  Does anyone have
> any suggestions on how to do this better?
> 
> Any help would be greatly appreciated.
> 
> --
> Regards,
> 
> Evan Tsoukalas
> Systems Administrator
> Source Electronics Corporation
> evan@sourcee.com
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

We recently set up the internet access for a large convention here in
Windsor, Ontario. We ran two NATD boxes, each with a Class B network. The
hardware is as follows:

	4U Rackmount Chassis, 300W P/S
	ATX Microstar Super Socket 7 Board,
	AMD K6-2 500mhz
	128megs PC100
	4meg Generic AGP video
	Realtek 10/100 PCI NIC (rl0)
	Ne2000 PCI Clone, (ed1)

One box ran to an internal LAN (192.168.x.x/255.255.0.0), the other to
a wireless ethernet on (10.0.x.x/255.255.0.0). Both boxes tied into the
private networks with the 100BaseTX cards running full-duplex to
switches (directly to an access point router in the case of the wireless
box). The ed1 interface was tied to a small hub connected to a Cisco
router running a partial T3 to the internet.
The machines cost less than $1000 (Canadian funds ~700US at the time),
and ran flawlessly. They all ran with a load average of less than 5% for
the most part, and didn't fail once for the entire event.
Price/performance, I'd recommend you go with an AMD K6 CPU (500mhz =
$80CDN ~50US). This would be my ideal recommendation for the hardware.
	The machine I'm sitting on writing this email is connected to the
internet through a natd box here, as are approx 60 other machines. This
natd box's configuration is as follows:

	FreeBSD 3.4
	486SX 25mhz
	16megs RAM
	212meg IDE Disk
	(2) SMC ISA NE1000 compatible NICs (ed0/ed1)
	Uptime: 
	10:52AM  up 126 days,  2:49, 1 user, load averages: 0.00, 0.01, 0.03

The box has run perfectly ever since its initial installation; I haven't
touched it short of installing a UPS some time ago. (Power isn't all that
great around here, and I didn't want to have to worry about it rebooting
all the time).
	In both cases, once the machines were up and running, I disabled all
services (no inetd, no sendmail, no ftp, etc), removed the monitor and
keyboard and left them be. The little 486 here runs perfectly just
sitting there in the server room on a shelf; if it goes down then it
takes like <2mins to reboot and resume functioning.
	One thing I do recommend is that if you're going to dedicate a machine
to NATD, that you use the smallest hard drive you can afford to trust. The
reason being that when/if it does reboot without being dismounted
properly (e.g. power failure), it doesn't take long to get through fsck
at startup.
	That's pretty much my extent of knowledge when it comes to NATD, hope
it helps.

	
-- 
Nathan Vidican
webmaster@wmptl.com
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/

