Hi,
I'm setting up a gateway (1.7 GHz machine with 1 Gig of RAM) for 700+
users using pf with NAT and BINATs (90% NAT). I would like to know
if anyone has any recommendations on tweaking the runtime options in
PF. This box will pretty much just be handling the NATting with a bare
minimum of filtering, just enough to keep the box secure.

NAT statement: ($src_nat is a public /25)

    nat on $public_if inet from <client_subs> to any -> $src_nat source-hash

BINAT statement: (which isn't working for some reason, but I'll figure
that out)

    binat-anchor one2ones
    load anchor one2ones from "/etc/one2ones"

If anyone has some experience with a similar sized setup, I'd really
appreciate hearing from you. If there's any other adjustments I can
make to keep the performance up, I'd be interested in those also.
Thanks,
Steve