
Re: PF limit on number of natted connections ?



At 12:07 PM 6/13/2002 -0700, you wrote:
>On Thu, Jun 13, 2002 at 12:45:02PM -0500, taproot420 wrote:
>
>Having said all this, you almost certainly don't want to do
>NAT for anywhere near enough hosts to approach theoretical or
>practical limits. Careful use of proxy servers will give you a
>big boost in performance and security for most environments and,
>at the same time, nearly eliminate the need for NAT. If that's not
>an option, you probably really, really need routable IP addresses.
>
Could you clarify what you mean by "nearly eliminate the need for NAT?"
As in route everything through proxying?

I have to say I've got issues with that if it's the case, but it might be
more of an opinion thing.

NAT as a security method is something to consider too.

Besides, if your org is that large, you do have (in that example) more than
one firewall, redundant, and balancing traffic by subnet, right?  <grin>

Signing off,

Joseph Bender
benderjc (at) benderhome.net
This account is used primarily for reading and responding to mailing list
traffic and is not my main mailing address.
My main mailing address is jcbender (at) benderhome.net
---
"Does the government fear us?  Or do we fear the government?  When the people
fear the government, tyranny has found victory. The federal government is our
servant, not our master."  ---Thomas Jefferson