[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PF limit on number of natted connections ?
At 12:07 PM 6/13/2002 -0700, you wrote:
>On Thu, Jun 13, 2002 at 12:45:02PM -0500, taproot420 wrote:
>Having said all this, you almost certainly don't want to do
>NAT for anywhere near enough hosts to approach theoretical or
>practical limits. Careful use of proxy servers will give you a
>big boost in performance and security for most environments and,
>at the same time, nearly eliminate the need for NAT. If that's not
>an option, you probably really, really need routable IP addresses.
Could you clarify what you mean by "nearly eliminate the need for NAT?"
As in route everything through proxying?
I have to say I've got issues with that if it's the case, but it might be
more of an
NAT as a security method is something to consider too.
Besides, if your org is that large, you do have (in that example) more than
one firewall, redundant,
and balancing traffic by subnet, right? <grin>
benderjc (at) benderhome.net
This account is used primarily for reading and responding to mailing list
traffic and is not my main mailing address.
My main mailing address is jcbender (at) benderhome.net
"Does the government fear us? Or do we fear the government? When the people
fear the government, tyranny has found victory. The federal government is our
servant, not our master." ---Thomas Jefferson