Date: Tue, 3 Apr 2001 22:20:40 -0700 From: "Chuck Sumner" <csumner@omnisky.com> To: "'Kevan Olhausen'" <kevan@solidnet.com>, <questions@FreeBSD.ORG> Subject: RE: ipchains and natd Message-ID: <001201c0bcc6$fe08a5e0$c803a8c0@CSUMNER> In-Reply-To: <NFBBLLFDMLANHLJIJNPAEEFDCAAA.kevan@solidnet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
ipfilter is an ipchains like implementation for freebsd and other *nix's. it is kernel based also. http://coombs.anu.edu.au/ipfilter/ is the main site and has link to great documentation, like: http://www.obfuscation.org/ipf/ i've had far better luck with ipfilter. id say its easier to configure than both ipchains and ipfw. it does everything i need and the over head is very low. ive managed to build quite a few very effective firewalls with it chuck -----Original Message----- From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Kevan Olhausen Sent: Tuesday, April 03, 2001 9:49 PM To: questions@FreeBSD.ORG Subject: ipchains and natd I've been using ipchains on Linux for our buisness's firewall so I can masquerade the connections. I recently had the opportunity to change the OS to FreeBSD 4.2 so I set it up with natd and ipfw. The problem was that as soon as there were a few simultanious connections the natd process would start getting 15%-25% CPU time when I looked at top and the connections would eventually start to get slower the more connections there were. The hardware is a Pent II 166. ipchains didn't seem to have any kind of performance hit (because it's using the kernel, I think) but natd is a separate process and it appears to be more vulnerable. Any thoughts on if this is normal and is there any ipchains-type implementation on FreeBSD? Thanks! ------- Kevan Olhausen kolhausen@windermere.com Information Technologies To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001201c0bcc6$fe08a5e0$c803a8c0>