Performance question
-
Hello,
For a corporate network in co-location, i'll setup a Psense box (Xeon 2.6Ghz + 3 intel Nic).
The bandwith will be around 50Mb/s, 32 publics IP and we will have 3 web servers under high traffic (500 000 connections/server per day) and 2 Mails servers, 2 Database servers.
In term of performance is it better to use NAT 1:1 with virtual IPs or simply use a Port fowarding ?
Thanks
-
You'll need virtual IPs for this, no matter if using portforwards or 1:1. Depending if you need lots of ports or just single ports (like a webserver) I would use portforwards for this rather than 1:1. Btwm with that box on a 50 mbit/s link you shouldn't have performance issues anyway.
-
I will only need few ports (Web & Mail, remote administration, ssh, ftp).
I will bridge one Nic for a pool of web servers with public IPs and one the other Nic i'll use a simple port fowarding for some services.
-
If you have as many or more public IP's as internal servers, I would suggest using only 1:1 for ease of setup and administration. It's much easier to deal with a firewall where X public IP maps to Y private IP, vs. X public IP port A maps to Y private IP port B, X public IP port C maps to Z private IP port D, etc. etc. With 32 public IP's that could get out of hand quickly.
-
Btw, portforwards work with natreflection, 1:1 nat not, only in case you need that feature.