From: Anthony Volodkin
To: Barney Wolff
Cc: freebsd-net@freebsd.org, Andriy Korud
Date: Mon, 12 Jan 2004 14:13:21 -0500 (EST)
Subject: Re: NATD and available ports
In-Reply-To: <20040112181853.GA20984@pit.databus.com>
Message-ID: <20040112141146.N51689-100000@superior.local.non-standard.net>

Hey,

Just curious, but why do you need to use NAT with 2000 clients and that
many connections/traffic? Surely there might be another solution.

-Anthony

On Mon, 12 Jan 2004, Barney Wolff wrote:

> On Mon, Jan 12, 2004 at 05:45:39PM +0200, Andriy Korud wrote:
> > Hi.
> > I need to run nat box for ~2000 clients with up to 300.000 active connections.
> > ipnat doesn't handle such load, so I'm going to try natd - but worry that natd
> > will simply use all available outgoing ports and then crash.
> > I have 128 public IP's and in ipnat's configuration just map smaller blocks of
> > private IP's into certain public IP, but have no idea how can I do this using
> > natd.
>
> You can run multiple copies of natd, each one on its own divert socket.
> ipfw rules can decide which internal machines & which external addresses
> go to which divert socket.
>
> Performance may well be an issue, depending on bandwidth. Perhaps one
> NAT box per 100 client boxes would not be overkill - is adding 1% to
> the h/w budget unreasonable?
>
> --
> Barney Wolff http://www.databus.com/bwresume.pdf
> I'm available by contract or FT, in the NYC metro area or via the 'Net.
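
The layout suggested in the quoted reply (one natd per divert socket, with ipfw rules choosing the socket by inside block and public address), sketched as an added example that is not part of the thread or any poster's configuration. The interface name, address ranges, divert ports and rule numbers are assumptions; the script only prints the commands.

```sh
#!/bin/sh
# Added example: prints (does not run) natd and ipfw commands.
# Assumed, not from the thread: fxp0 outside interface, inside hosts in
# 10.0.0.0/21 cut into /28 blocks, public addresses 198.51.100.1-128
# (documentation range), divert ports from 8668, rule numbers from 1000.
EXT_IF=fxp0
BASE_PORT=8668
BASE_RULE=1000

# Inside /28 block handled by instance $1 (0-based).
inside_block() {
    off=$(( $1 * 16 ))
    echo "10.0.$(( off / 256 )).$(( off % 256 ))/28"
}

# Public alias address owned by instance $1.
alias_addr() { echo "198.51.100.$(( $1 + 1 ))"; }

# One natd process on its own divert port, plus the two ipfw rules
# that steer one inside block and one public address to that port.
instance_cmds() {
    port=$(( BASE_PORT + $1 ))
    rule=$(( BASE_RULE + $1 * 2 ))
    pub=$(alias_addr "$1")
    echo "natd -port $port -alias_address $pub"
    echo "ipfw add $rule divert $port ip from $(inside_block "$1") to any out via $EXT_IF"
    echo "ipfw add $(( rule + 1 )) divert $port ip from any to $pub in via $EXT_IF"
}

# Average concurrent connections per public address, rounded up;
# compare the result with the 16-bit port space of one address.
conns_per_alias() { echo $(( ($1 + $2 - 1) / $2 )); }

# Print the commands for instances 0 .. $1-1.
plan() {
    i=0
    while [ "$i" -lt "$1" ]; do
        instance_cmds "$i"
        i=$(( i + 1 ))
    done
}

plan 4   # first four of the 128 instances, to keep the output short
echo "# avg connections per public address: $(conns_per_alias 300000 128)"
```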