Skip to main content

Nating limits

More
20 years 8 months ago #285 by tfs
Nating limits was created by tfs
Is there an optimum limit for Nat Overloading? We have an organization of about 50 people accessing the Internet only moderately. Would this be a problem with most routers? What about a small business router/firewall - such as a linksys firewall router.

Would this be too much for this size router or should I go to a more higher end router.

Thanks,

Tom.
Thanks,

Tom
More
20 years 8 months ago #286 by jackeen
Replied by jackeen on topic Nating limits
Hi Tom

as far as i know it depends on your router and what in can handle,i would suggest that you check you routers documentation,

say for instance if you router can handle a maximum of 253 connections then 50 shouln't be a problem.by the way this number is just one i got of the linksys web site for one of there routers and what it could manage

I know that ICS - internet connection sharing with is used on windows uses a version of nat overloading and is limited to 10 connections,but this is just a cut down version of nat overloading,
More
20 years 8 months ago #287 by tfs
Replied by tfs on topic Nating limits
I only was concerned if there is a "reasonable" limit. The fact that Linksys says it can handle 255 doesn't tell me if that means it can handle it, but it will be at a crawl.

I was looking at either Linksys, for about $100, or at Sonicwall, for about $500.

Thanks,

Tom.
Thanks,

Tom
More
20 years 6 months ago #796 by sahirh
Replied by sahirh on topic Re: Nating limits
Hi Tom,
while I don't have definitive proof that the router wont slow down to a crawl, I can tell you from personal experience that there is a really small ISP here offering cable modem services, they're using a small/medium size business router.. not linksys but cisco.. and they're overloading about 150 - 200 connections at peak time.. they don't have any load troubles..
A while ago they had that router set up with the default password of cisco .. If they still had i could have given you an actual cpu utilisation percentage hehe ;) however when i dropped them the tip they closed it up :(

that aside, I don't think overloading 50 addresses should be a problem at all.. though keep in mind the processing requirements will go up if you have a huge number of access lists (since you said router/firewall).. if that becomes a problem you could just use the router purely as a nat device and shove some 486 or similar box behind it with linux iptables as the firewall. That way you'll take the load of filtering traffic off the router (something thats considered a good idea among a lot of old-school network engineers anyway)

Sahir
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Time to create page: 0.148 seconds