We have recently switched providers, and have been re-assigned a
network in the 72.0.0.0 block, which was released last year. We are
finding a significant number of sites that are filtering traffic from the
70/71/72 networks due to them being previously reserved. Trying to
change this is like pushing a rope.
So we are considering trying to NAT our outgoing proxy, incoming web,
and mail traffic on our firewall, which has a 64.x external IP. The problem
is a concern with latency and load. Our squid proxy services about 400
concurrent users, with peak traffic of 40-60 connections per second, and
total requests of about 2M /day. Traffic is limited with delay pools to about
500KB/second on a 10Mb/s internet feed.
Has anyone run this kind of volume through a shorewall NAT setup with a
single external NAT IP? Is it feasible? The firewall hardware is a P4 2.4G
with 512Mb RAM, dedicated to the task, running Shorewall 2.10 on a
Linux 2.4 kernel.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
swright@sls.bc.ca
