[AusNOG] 30 Levels of Nat with Firewalls

Narelle narellec at gmail.com
Sun Apr 17 22:43:22 EST 2011


On Sun, Apr 17, 2011 at 2:18 PM, Cooper Ry Lees <me at cooperlees.com> wrote:
> A little Sunday 'easter egg' for fellow Network nerds ...
>
> We have a cupboard full of the old and terrible PIX 501 firewalls sitting
> around. Due to this I wanted to 'daisy chain' as many as I could together to
> see how things would operate behind X levels of nat. I ended up getting 30.
> Here is a blog post and video of the findings ...
> http://cooperlees.com/blog/?p=369


A great piece of work Cooper! Nice one.

I wonder how things would have gone if you'd actually stress tested it
a bit, added a few hundred (thousand?) clients at each layer and
started to work a few other protocols out, got a few people
downloading a certain popular maps application... or run a database in
there somewhere throwing a few thousand threads up... oo and a proper
voip gateway.

Proxying a couple of streams is all very well, but it's when there are
many people running many apps that you'll start to see improper
handling or failures of various flows to be proxied.

Nice work, though. 30. I'm kinda sad it worked...



-- 


Narelle
narellec at gmail.com


