On 2/23/06, Steve D. <[EMAIL PROTECTED]> wrote:
> I'm setting up a gateway (1.7 GHz machine with 1 Gig of RAM) for 700+
> users using pf with NAT and BINATs (90% NAT). I would like to know
> if anyone has any recommendations on tweaking the runtime options in
> PF.  This box will pretty much just be handling the natting with a bare
> minimum of filtering, just enough to keep the box secure.
>
> Nat statement: ($src_nat is a public /25)
> nat on $public_if inet from <client_subs> to any -> $src_nat source-hash
>
> Binat statement: (which isn't working for some reason but I'll figure
> that out)
> binat-anchor  one2ones
> load anchor one2ones from "/etc/one2ones"
>
> If anyone has some experience with a similar sized setup, I'd really
> appreciate hearing from you.  If there's any other adjustments I can
> make to keep the performance up, I'd be interested in those also.

try it, deploy it. your cpu/mem should handle it easily. the only thing
I can imagine is running into the default state limit. see man pf.conf
the part about "set limit".

--knitti
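
A way to watch for the state limit mentioned in the reply, as an added example that is not part of the original thread: it compares the "current entries" line of `pfctl -s info` with the `states` hard limit from `pfctl -s memory`. The function names, the 80% threshold and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: how full is pf's state table relative to "set limit states"?
# Both samples below are constructed, trimmed to the lines that matter.
SAMPLE_INFO='Status: Enabled for 3 days 02:11:40           Debug: err

State Table                          Total             Rate
  current entries                     8700
  searches                       412345678         1543.2/s
  inserts                          9876543           36.9/s
  removals                         9867843           36.9/s'

SAMPLE_MEM='states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000
tables        hard limit     1000
table-entries hard limit   200000'

# Print the "current entries" value from `pfctl -s info` text ($1).
pf_current_states() {
    printf '%s\n' "$1" | awk '$1 == "current" && $2 == "entries" { print $3; exit }'
}

# Print the states hard limit from `pfctl -s memory` text ($1).
pf_state_limit() {
    printf '%s\n' "$1" | awk '$1 == "states" && $2 == "hard" { print $4; exit }'
}

# Print the integer percentage of the state table in use.
# Returns 0 below the warning threshold ($3, default 80), 1 at or above it,
# and 2 when either input could not be parsed.
pf_state_usage() {
    cur=$(pf_current_states "$1")
    max=$(pf_state_limit "$2")
    warn=${3:-80}
    case "$cur$max" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$cur" ] && [ -n "$max" ] && [ "$max" -gt 0 ] || return 2
    pct=$((cur * 100 / max))
    echo "$pct"
    [ "$pct" -lt "$warn" ]
}

# On the gateway itself (as root):
#   pf_state_usage "$(pfctl -s info)" "$(pfctl -s memory)" 80
```
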
