Mans Nilsson wrote:

>>> Do not NAT. When all those people want to do social networking to the same
>>> furry BBS while also frequenting three social app sites simultaneously
>>> you are going to get Issues if you NAT. So don't.
> I am not suggesting that. I'm just trying to point out that there
> might be a bunch of assumptions that aren't as true anymore when a
> lot of client connections share both source and destination address,
> and perhaps also destination port. If this happens simultaneously when
> a large amount of other tcp connections are NATed through the same box,
> resource starvation will occur.

Then, advice better than yours is Chris's:

: with small budgets.
: You'll need a beefy NAT box. Linux with Xeon CPU and 4GB RAM
: minimum. Run your DNS resolver and DHCP here, unless you have
: hardware to spare.
: Bandwidth. Lots of Bandwidth.

posted before yours.

> If public address space is available,
> it is better to use that.

It depends on budgets and other factors.

> Also, no NAT means there will be no session
> timers for things like long lived low bandwidth tcp sessions.

Assuming no NAT firewalls without very large connection tables,
not necessarily.

Masataka Ohta