Date: Tue, 30 Jan 2024 14:27:31 +1100 From: Ian Smith <smithi@nimnet.asn.au> To: Jim Long <freebsd-questions@umpquanet.com>,Paul Procacci <pprocacci@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: VirtIO/ipfw/natd throughput problem in hosted VM Message-ID: <AB79ABF9-2306-4EEB-A9AE-DBF5D780E71B@nimnet.asn.au> In-Reply-To: <Zbfwwnb0IupcVsVl@sfo.umpquanet.com> References: <ZbfkhQXCobk0jKBg@sfo.umpquanet.com> <CAFbbPui_RX%2Bk%2BtFd18yN2MHMfSAQSqqEjPLo3GY12AchnN0eCg@mail.gmail.com> <Zbfwwnb0IupcVsVl@sfo.umpquanet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 30 January 2024 5:38:58 am AEDT, Jim Long <freebsd-questions@umpquanet= =2Ecom> wrote: > On Mon, Jan 29, 2024 at 12:54:49PM -0500, Paul Procacci wrote: > > > > The most glaringly obvious thing to me is to use in-kernel nat > instead of > > natd=2E > > Packets won't have to leave the kernel at that point=2E > > It's detailed in ipfw(8)=2E > >=20 > > ~Paul >=20 > Thank you very much! Your tip plus some cribbing from: >=20 > https://www=2Eneelc=2Eorg/posts/freebsd-ipfw-nat/ >=20 > seems to have taken care of it=2E >=20 > Regards, >=20 > Jim That's great, but for future reference be sure to a) only divert 'ip4', not 'ip' packets to natd(8) - i=2Ee=2E no ipv6 packe= ts=2E b) see section BUGS at the end of ipfw(8): you must disable TSO with ifcon= fig(8) to use ipfw nat, which the above article doesn't mention=2E cheers, Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AB79ABF9-2306-4EEB-A9AE-DBF5D780E71B>