Hi all,

I need to study a solution based on iptables for a large number of networked hosts. It will be used as a central gateway for the networks we have at University of Alcalá. We need to perform a large number of NAT (above 3000 hosts or so) for the internal networks and filtering for several ranges of public addresses for web servers and things like that.

Our main campus backbone is ATM based but we plan to deploy our solution on gigabit links attached to our routers because we think this setup will be more stable than managing ATM and LANE connections at the firewall.

Currently we have a setup for filtering access for our public web servers and networking services based on dual Pentium III at 800Ghz 1Gb RAM and kernel 2.4.2x customized over RedHat 7.3, but we have no idea of the behavior of iptables connection tracking when managing a large number of network clients.

Does anyone know of benchmarking test results, or studies of netfilter performance carried out by some people, that we can see in order to decide how much hardware resources we need, the best distributions for doing so, or high performance projects based on netfilter/iptables?

Thanks in advance,
Clist

--
-------------------------------------------------
Clister UAH
-------------------------------------------------