From owner-freebsd-net  Thu Feb  7 11: 0:35 2002
Delivered-To: freebsd-net@freebsd.org
Received: from rwcrmhc54.attbi.com (rwcrmhc54.attbi.com [216.148.227.87])
	by hub.freebsd.org (Postfix) with ESMTP id 7E52C37B41A
	for <freebsd-net@freebsd.org>; Thu,  7 Feb 2002 11:00:26 -0800 (PST)
Received: from InterJet.elischer.org ([12.232.206.8])
          by rwcrmhc54.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20020207190026.GVLD1214.rwcrmhc54.attbi.com@InterJet.elischer.org>;
          Thu, 7 Feb 2002 19:00:26 +0000
Received: from localhost (localhost.elischer.org [127.0.0.1])
	by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id KAA97302;
	Thu, 7 Feb 2002 10:57:52 -0800 (PST)
Date: Thu, 7 Feb 2002 10:57:51 -0800 (PST)
From: Julian Elischer <julian@elischer.org>
To: Tariq Rashid <tariq@inty.net>
Cc: freebsd-net@freebsd.org
Subject: Re: squeeze more performance out of natd?
In-Reply-To: <MPENKFCCIIDAJKJJOLBHAELPCHAA.tariq@inty.net>
Message-ID: <Pine.BSF.4.21.0202071055530.91961-100000@InterJet.elischer.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

first advise:

add more firewall rules so that any packets that YOU KNOW will not be
translated will bypass the natd..

i.e. make sure packets fromteh localhost are not sent to natd.


What throughput are you trying to NAT?
I've never seen it be an issue.



On Thu, 7 Feb 2002, Tariq Rashid wrote:

> 
>  i've spent a good number of hours RTFMs, trying to make the best of a bad
> situtaion: userland natd instead of kernel-space nat.
> 
>  the only practical advice i found was to increase the maxusers kernel
> option - we're already at 1024 (with plenty of ram to support it). other
> advice was to have a streamlined ipfw list and i think mine is.
> 
>  the problem is that high network traffic with natd means that the CPU
> spends its time doing nat and not paying much attention to anything else.
> re-niceing it just means lower thoughput.
> 
> 
>  any advice on squeezing more out of natd?
> 	* natd spawning other natds?
> 	* combinations of command line options?
> 	* more kernel parameter tweaking?
> 
> thanks
> 
> tariq
> 
> 
> intY has automatically scanned this email with Sophos Anti-Virus (www.inty.net)
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message