Date: Wed, 19 Mar 2008 14:34:44 -0700 From: Rudy <crapsh@MonkeyBrains.NET> To: David Alanis <canito@dalan.us> Cc: freebsd-questions@freebsd.org, Christopher Cowart <ccowart@rescomp.berkeley.edu> Subject: Re: confusion configuring NAT Message-ID: <47E186F4.6060409@MonkeyBrains.NET> In-Reply-To: <20080319155112.fmd1lzn688w8c4s8@mail.dalan.us> References: <18401.29043.824662.173177@jerusalem.litteratus.org> <200803191516.59344.josh@tcbug.org> <20080319202159.GI39509@hal.rescomp.berkeley.edu> <20080319155112.fmd1lzn688w8c4s8@mail.dalan.us>
next in thread | previous in thread | raw e-mail | index | archive | help
David Alanis wrote: > Being I am a newcomer to freeBSD, on my first install google turned up > a how to for getting my box on the Internet as a firewall/DHCP/DNS > server. Since, I've been learning the packet filtering program (pf). > Everytime I read a question on ipfw I quickly get confused. > > What are the major advantages one over the other? I hope not to sound > biased but pf seems more user friendly, easier to implement, and less > verbose? ipnat can handle 80+Mbps on a 2Ghz single core CPU. ipfw w/ natd will crumple around 10Mbps on the same box. There is one difference. :) It has to do with the fact that ipnat is kernel based while DIVERT uses the userland natd program. (I use ipnat as a synonym for pf) More info: http://lists.freebsd.org/pipermail/freebsd-ipfw/2004-December/001583.html Rudy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47E186F4.6060409>