Date: Wed, 6 Jun 2012 21:27:27 -0500
From: David Duchscher <daved@tamu.edu>
To: darrenr@freebsd.org
Cc: freebsd-net@freebsd.org, hgcheng@berkeley.edu
Subject: Re: NAT with Port-block Allocation in FreeBSD?
Message-ID: <A0065E68-B2DC-44E8-A41F-97F3BA3CEACB@tamu.edu>
In-Reply-To: <4FCE6C29.3070903@freebsd.org>
References: <4FCE6C29.3070903@freebsd.org>

On Jun 5, 2012, at 3:29 PM, Darren Reed wrote:

> In IPFilter, the "map-block" ipnat rule serves exactly the
> purpose that you are looking for. It provides address
> translation of network addresses for N:M and uses ports
> to multiplex them in.
>
> Thus a /16 can be nat'd to a /8 with the other 8 bits
> used in the port number.
>
> The results of the NAT'd packets are such that if you are
> given an external IP address and port number, you can
> calculate which internal IP address was used without having
> to know what was the currently active state of the machine.
>
> A typical rule might look like this:
> map-block le0 10.0.0.0/16 -> 203.1.1.0/24 ports auto

Darren,

This is very interesting. We currently use PF to NAT our wireless
network and we too would like to reduce the logging load. We currently
run around 40-50k state entries per box (4 systems). We are planning on
adding 4 more systems in the next month so we have more room and better
handling of failures. Researching ipnat, I see that modifications to
the ipnat.h header might be needed for it to handle our load. We
currently have 31 vlans with /22 network assigned to the system. Do you
feel ipnat can handle this load? Do you have any recommendations for
the various values?

Thanks for your time and help,
--
DaveD
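
The stateless reverse lookup described in the quoted text, as an added example that is not part of either message and is not IPFilter's code. It uses the two networks from the quoted rule; the sequential host-to-address assignment, the contiguous per-host port blocks and the 1024-65535 port range are assumptions made for illustration, and IPFilter's own arithmetic may differ.

```python
import ipaddress

# Assumed scheme (NOT IPFilter's real arithmetic): internal hosts are assigned
# to external addresses in order, each with one contiguous block of ports.
INSIDE = ipaddress.ip_network("10.0.0.0/16")    # from the quoted rule
OUTSIDE = ipaddress.ip_network("203.1.1.0/24")  # from the quoted rule
PORT_LO, PORT_HI = 1024, 65535                  # assumed usable port range

HOSTS_PER_EXT = INSIDE.num_addresses // OUTSIDE.num_addresses  # 256 hosts
BLOCK = (PORT_HI - PORT_LO + 1) // HOSTS_PER_EXT               # 252 ports each


def forward(internal):
    """Return (external_ip, first_port, last_port) for an internal address."""
    addr = ipaddress.ip_address(internal)
    if addr not in INSIDE:
        raise ValueError(f"{internal} is outside {INSIDE}")
    idx = int(addr) - int(INSIDE.network_address)
    ext_idx, slot = divmod(idx, HOSTS_PER_EXT)
    first = PORT_LO + slot * BLOCK
    return str(OUTSIDE.network_address + ext_idx), first, first + BLOCK - 1


def reverse(external, port):
    """Recover the internal address from an observed (external_ip, port).

    Needs no state table and no per-connection log, only the rule itself.
    Returns None when the port lies outside every allocated block.
    """
    addr = ipaddress.ip_address(external)
    if addr not in OUTSIDE:
        raise ValueError(f"{external} is outside {OUTSIDE}")
    if not PORT_LO <= port <= PORT_HI:
        return None
    slot = (port - PORT_LO) // BLOCK
    if slot >= HOSTS_PER_EXT:
        return None  # leftover ports when the range does not divide evenly
    ext_idx = int(addr) - int(OUTSIDE.network_address)
    return str(INSIDE.network_address + ext_idx * HOSTS_PER_EXT + slot)


if __name__ == "__main__":
    # Constructed abuse report: only the external address and port are known.
    report = ("203.1.1.1", 2400)
    print(report, "->", reverse(*report))
```
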