I am trying to approximate the maximum number of open TCP connections
that an OpenBSD firewall can support at any given time.
The scenario here is a firewall with 2 interfaces, a bunch of Web
servers behind it on private IP addresses, and a fairly simple set of rules
(NAT each server on a public IP address on the external interface, allow
HTTP in, deny the rest).
How much memory is used by every new TCP connection that the firewall
needs to keep track of? Will the firewall run into other problems before
it runs out of memory? Will NAT use memory in the scenario described above?
--
Florin Andrei
http://florin.myip.org/