From: "Ted Mittelstaedt" (tedm@toybox.placo.com)
To: "Kevan Olhausen"
Subject: RE: ipchains and natd
Date: Tue, 3 Apr 2001 23:21:06 -0700
Message-ID: <002b01c0bccf$6ea604c0$1401a8c0@tedm.placo.com>
Sender: owner-freebsd-questions@FreeBSD.ORG

What's the output of vmstat -m on your nat system?

Ted Mittelstaedt                      tedm@toybox.placo.com
Author of:          The FreeBSD Corporate Networker's Guide
Book website:         http://www.freebsd-corp-net-guide.com

>-----Original Message-----
>From: owner-freebsd-questions@FreeBSD.ORG
>[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Kevan Olhausen
>Sent: Tuesday, April 03, 2001 9:49 PM
>To: questions@FreeBSD.ORG
>Subject: ipchains and natd
>
>
>I've been using ipchains on Linux for our business's firewall so I can
>masquerade the connections. I recently had the opportunity to change the OS
>to FreeBSD 4.2 so I set it up with natd and ipfw. The problem was that as
>soon as there were a few simultaneous connections the natd process would
>start getting 15%-25% CPU time when I looked at top and the connections
>would eventually start to get slower the more connections there were. The
>hardware is a Pent II 166. ipchains didn't seem to have any kind of
>performance hit (because it's using the kernel, I think) but natd is a
>separate process and it appears to be more vulnerable. Any thoughts on if
>this is normal and is there any ipchains-type implementation on FreeBSD?
>Thanks!
>
>-------
>Kevan Olhausen
>kolhausen@windermere.com
>Information Technologies
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
>