-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Justin Hao wrote: > we use a home grown nat system, the built in cisco system doesn't > provide enough logging data/capacity.
Same here, and just to add that we have put some work into successfully getting netflow out of Linux Netfilter/IPTables with NAT data, which allows our CERT to trace problem users. I hope to publish some of this later in the year so drop me a line off-list if you want a link sending on. Like others in the thread, we got to a /22 of public IPs and realised it was just never going to stop growing, so switched to NAT at that point. - -- Oliver Gorwits, Network and Telecommunications Group, Oxford University Computing Services -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFKW/IT2NPq7pwWBt4RAsilAJ9srb8rbejaPmGGFSkR1tHgCSVuYwCeO+pg 0xg5PFTDHlF70769MvjYdS0= =SWtn -----END PGP SIGNATURE----- ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
