From owner-freebsd-questions Tue Apr 3 21:50:13 2001
Delivered-To: freebsd-questions@freebsd.org
From: "Kevan Olhausen"
Subject: ipchains and natd
Date: Tue, 3 Apr 2001 21:48:57 -0700

I've been using ipchains on Linux for our business's firewall so I can masquerade the connections. I recently had the opportunity to change the OS to FreeBSD 4.2, so I set it up with natd and ipfw.

The problem was that as soon as there were a few simultaneous connections, the natd process would start getting 15%-25% CPU time when I looked at top, and the connections would eventually start to get slower the more connections there were. The hardware is a Pent II 166.

ipchains didn't seem to have any kind of performance hit (because it's using the kernel, I think) but natd is a separate process and it appears to be more vulnerable.

Any thoughts on if this is normal and is there any ipchains-type implementation on FreeBSD?

Thanks!

-------
Kevan Olhausen
kolhausen@windermere.com
Information Technologies