Re: Hair pinning with pf and NetBSD

To: "Sarton O'Brien" <bsd-xen%roguewrt.org@localhost>, "Daniel Hagerty" <hag%linnaean.org@localhost>
Subject: Re: Hair pinning with pf and NetBSD
From: "Malcolm Herbert" <mjch%mjch.net@localhost>
Date: Wed, 25 Nov 2009 10:35:47 +1100

On Wed, 25 Nov 2009 10:30 +1100, "Malcolm Herbert" <mjch%mjch.net@localhost>
wrote:
> I have a similar problem I'm trying to solve with ipf on Solaris, so
> it's a little off topic for this list, but essentially we're wanting to
> be able to have our applications configured for some (possibly fake) IP
> a.b.c.d and then use NAT on the same host to redirect these connections
> to remote hosts w.x.y.z or i.j.k.l depending on which is up at the time
> ... 

Joerg's previous reply reminded me - in this instance we can't use
netcat/socat as the application maintains a connection pool of around
50-70 open connections ...

even on a fairly grunty box that many proxy processes hanging around at
2.5M + 2FD per process is Not Good[1] ... which is why I wanted to just
use NAT and keep the state to a minimum ... 

Regards,
Malcolm

[1] we actually delivered a solution based on this before we knew about
the connection pool sizing ... uncomfortable moment, that.

-- 
Malcolm Herbert                                This brain intentionally
mjch%mjch.net@localhost                                                left 
blank

References:
- Re: Hair pinning with pf and NetBSD
  - From: Brian Buhrow
- Re: Hair pinning with pf and NetBSD
  - From: Joerg Sonnenberger
- Re: Hair pinning with pf and NetBSD
  - From: Daniel Hagerty
- Re: Hair pinning with pf and NetBSD
  - From: Sarton O'Brien
- Re: Hair pinning with pf and NetBSD
  - From: Malcolm Herbert

Prev by Date: Re: netbsd5-i386 is broken for me after this weekend's changes
Next by Date: daily CVS update output
Previous by Thread: Re: Hair pinning with pf and NetBSD
Next by Thread: Re: Hair pinning with pf and NetBSD
Indexes:

Home | Main Index | Thread Index | Old Index