I am trying to determine whether using an OpenBSD system to perform institutional NAT for our wireless users would be a viable option.
At the present time we are evaluating the A10 Thunder CGN appliance. There are a few issues for which I would like to get some input for those using pf for NAT in large environments ( > 10k users ) * are there problems with arp cache resources ? * can logging be modified to use radius ? We really need some hooks to determine who is/was responsible for a given session. Thanks in advance for any operational experience you may have using pf in a similar environment. -- Russell Sutherland I+TS email: russell.sutherl...@utoronto.ca office: +1.416.978.0470 mobile: +1.416.803.0080
