Ipnat

IPFilter Tuning on FreeBSD

If you're running ipfilter and ipnat on a fairly busy network, you may have to tune ipfilter to accomodate more than the default 30,000 NAT routings. These settings in your rc.conf should allow you to operate comfortably on a GigE network. ipfilter_flags=”-D -T ipf_nattable_sz=34487, ipf_nattable_max=600011, fr_tcpidletimeout=7200, fr_tcphalfclosed=300, fr_statemax=21529, fr_statesize=30757 -E” Keep in mind: Some of the tunings need to be prime numbers or you’ll get a lot of bad NATs (viewed using the command ipnat -s).