Is proxy ARP running by default on a typical BSD install? I am talking about ARPS. The only traffic I can see coming into the box is ARP when I do a network trace. As soon as I disable the customer, NAT returns to normal as far as the entries are concerned. I enable the customer and then I start increasing the table entries. I may be clueless, but I thought BSD did not do Proxy ARP with the default install.
Let me know.

Aaron Leach
iProvo Network

On 6/18/05, tony sarendal <[EMAIL PROTECTED]> wrote:
> On 18/06/05, Aaron Leach <[EMAIL PROTECTED]> wrote:
> > Is this possible using PF? We are using OBSD 3.6 (and newer if needed)
> > as a network provider to ISPs. Customers southbound have viruses that
> > send out 100 ARPs a second. This loads up the NAT table therefore
> > making the NAT box useless. I am trying to clear the NAT quicker, but
> > this makes other services such as chat useless through NAT. The
> > customers also send out other forms of broadcasts, hence, can PF
> > prioritize them?
> >
>
> I don't see how an ARP would trigger anything that has to do with NAT.
> Are we talking proxy ARP here?
>
> I believe PF has features to limit sessions per host, so you should be
> able to configure it to minimize the impact of problematic hosts.
>
> /Tony