Date: Thu, 31 May 2001 01:03:06 -0700
From: dive <dive@ender.com>
To: Doug Lee <dgl@visi.com>
Cc: freebsd-stable@freebsd.org
Subject: Re: Should IPFilter be pulled from FreeBSD as well
Message-ID: <20010531010306.B14387@dragon.ender.com>
In-Reply-To: <20010530223704.A33752@kirk.sector14.net>; from dgl@visi.com on Wed, May 30, 2001 at 10:37:04PM -0400
References: <20010530134800.A24208@dragon.ender.com> <20010530223704.A33752@kirk.sector14.net>

I don't know if it's my particular setup that makes ipnat faster, or just the fact that with ipnat the NAT is done in the kernel not in a daemon - I haven't tested ipnat vs. natd on any other setup yet since I just started using ipnat.

My setup is: a FreeBSD server (Celeron 533mhz, 256MB ram) with a dual port 100TX network adapter (thunderlan chipset, compaq card tho), a cable modem which is connected to one port, and my internal LAN which consists of a NetBSD machine, a FreeBSD laptop, and a 'doze box. I'm using ipnat on the freebsd server to give the lan net access through the cable modem, and I've been comparing ipnat / natd by downloading a file from the internet to one of the client machines with the server running natd, and then downloading it with the server using ipnat. So far with both the netbsd box and freebsd laptop it seems to work faster with ipnat than natd, haven't tried it from the windows box 'cause I hate that thing ;)

I've never had natd bog down anything, but I've had it sit at the top of top (no pun intended) and eat 60-90% cpu before while multiple LAN machines were downloading through it.

On Wed, May 30, 2001 at 10:37:04PM -0400, Doug Lee wrote:
> Just curious... what about your setup makes ipf/ipnat so much better
> performers than ipfw/natd? I've always used ipfw/natd but keep
> thinking about changing to ipf/ipnat. For one thing, natd is hard to
> reconfigure on the fly, and I think (from what little I remember)
> ipnat can handle this easily without a kill/restart...
>
> But I've never seen natd bog down anything, even a 486-66 (DSL,
> 640/256KBPS; 100BaseT LAN on other NIC, maybe 15 machines; the box is
> the Internet server there).
>
> On Wed, May 30, 2001 at 01:48:00PM -0700, dive wrote:
> > I'm in favor of keeping ipf in the base system, since the base system is (understandably)
> > watched a lot more closely for bugs and generally things tend to get fixed in the base
> > more quickly (such as the recent fragmentation issue in ipfilter)
> > I use ipfilter / ipnat in favor of ipfw/natd, since ipnat greatly outperforms natd in my
> > setup.
> > -Sean
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-stable" in the body of the message
>
> --
> Doug Lee dgl@visi.com http://www.visi.com/~dgl
> Bartimaeus Group doug@bartsite.com http://www.bartsite.com
> "It's not easy to be crafty and winsome at the same time,
> and few accomplish it after the age of six." --D. Sutton