
Re: A Router



On 9/27/05, Omar <alienonearth@spymac.com> wrote:
> Hi All,
>   Can one debian router handle the routing and NAT of around 100-120 users,
> who are on 6 separate networks?  Thanks

I agree with Mariusz, it's mostly a question of implementation.  For a
reasonably complex network, you can guess expected traffic profiles
and design the firewall so the average number of rules traversed by
packets is minimized.  For example, some people will separate UDP and
TCP rules into separate custom chains, so that UDP traffic doesn't
have to traverse TCP rules that will never match, etc.

As for hardware, I can't remember the formula for converting tracked
sessions to Megabytes of memory necessary... you can probably find
that on sites like netfilter.org.  The netfilter mailing lists also
have some threads talking about high-traffic firewalling with
netfilter... like saturating Gig or 10Gig pipes.  My organization's
network sees several terabytes of traffic a day, has over 10k users,
and successfully uses iptables to filter and monitor traffic.
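
The per-protocol chain layout described in the message above, as an added example that is not part of the original post. The uplink name eth0, the 192.168.1-6.0/24 subnets and the allowed ports are constructed assumptions; the script only prints an iptables-restore ruleset and applies nothing.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset, nothing is applied here.
# Assumed (constructed) values: eth0 = uplink, 192.168.1-6.0/24 = the six LANs.
WAN=eth0

ruleset() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FWD_TCP - [0:0]
:FWD_UDP - [0:0]
# Most packets belong to tracked flows: accept them on the first rule.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Dispatch new flows by protocol so UDP never walks the TCP rules.
-A FORWARD -p tcp -j FWD_TCP
-A FORWARD -p udp -j FWD_UDP
-A FORWARD -p icmp --icmp-type echo-request -o $WAN -j ACCEPT
-A FWD_TCP -o $WAN -p tcp -m multiport --dports 80,443 -j ACCEPT
-A FWD_TCP -o $WAN -p tcp --dport 22 -j ACCEPT
-A FWD_TCP -o $WAN -p tcp --dport 25 -j ACCEPT
-A FWD_TCP -o $WAN -p tcp --dport 110 -j ACCEPT
-A FWD_TCP -o $WAN -p tcp --dport 143 -j ACCEPT
-A FWD_UDP -o $WAN -p udp --dport 53 -j ACCEPT
-A FWD_UDP -o $WAN -p udp --dport 123 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT ! -i $WAN -p tcp --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
$(for n in 1 2 3 4 5 6; do echo "-A POSTROUTING -s 192.168.$n.0/24 -o $WAN -j MASQUERADE"; done)
COMMIT
EOF
}

# Number of rules in one chain: the most a packet can walk inside it.
# A new DNS query walks 3 FORWARD rules plus 1 in FWD_UDP, never the 5 TCP rules.
chain_len() { ruleset | grep -c "^-A $1 "; }
```

As root, `ruleset | iptables-restore --test` parses the ruleset without committing it.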


