[Shorewall-users] Squid through NAT

Shawn Wright swright at sls.bc.ca
Wed Mar 9 09:11:51 PST 2005


We have recently switched providers, and have been re-assigned a 
network in the 72.0.0.0 block, which was released last year. We are 
finding a significant number of sites that are filtering traffic from the 
70/71/72 networks due to them being previously reserved. Trying to 
change this is like pushing a rope. 
So we are considering trying to NAT our outgoing proxy, incoming web, 
and mail traffic on our firewall, which has a 64.x external IP. The problem 
is a concern with latency and load. Our squid proxy services about 400 
concurrent users, with peak traffic of 40-60 connections per second, and 
total requests of about 2M/day. Traffic is limited with delay pools to about 
500KB/second on a 10Mb/s internet feed.

Has anyone run this kind of volume through a Shorewall NAT setup with a 
single external NAT IP? Is it feasible? The firewall hardware is a P4 2.4G 
with 512Mb RAM, dedicated to the task, running Shorewall 2.10 on a 
Linux 2.4 kernel.


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
swright at sls.bc.ca



