From owner-freebsd-performance@FreeBSD.ORG Mon May 5 09:28:01 2003 Return-Path: Delivered-To: freebsd-performance@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6CF0337B401 for ; Mon, 5 May 2003 09:28:01 -0700 (PDT) Received: from cultdeadsheep.org (charon.cultdeadsheep.org [80.65.226.72]) by mx1.FreeBSD.org (Postfix) with ESMTP id D6E8843FB1 for ; Mon, 5 May 2003 09:27:59 -0700 (PDT) (envelope-from sheep.killer@cultdeadsheep.org) Received: (qmail 74760 invoked from network); 5 May 2003 16:27:58 -0000 Received: from unknown (HELO lucifer.cultdeadsheep.org) (192.168.0.2) by goofy.cultdeadsheep.org with SMTP; 5 May 2003 16:27:58 -0000 Date: Mon, 5 May 2003 18:27:56 +0200 From: Clement Laforet To: freebsd-performance@freebsd.org Message-Id: <20030505182756.093fb1c3.sheep.killer@cultdeadsheep.org> In-Reply-To: <3EB67822.3070802@centtech.com> References: <3EB67822.3070802@centtech.com> Organization: tH3 cUlt 0f tH3 d3@d sH33p X-Mailer: Sylpheed version 0.8.11 (GTK+ 1.2.10; i386-portbld-freebsd4.8) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: NAT performance tweaks X-BeenThere: freebsd-performance@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Performance/tuning List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 May 2003 16:28:01 -0000 On Mon, 05 May 2003 09:41:38 -0500 Eric Anderson wrote: > Does anyone have any tweaks they apply to NAT firewalls that pass a > lot of connections through them? Here's the ony tweak I have in place > already, but I'm not sure they're needed yet (or if there are any > tweaks needed at all): which NAT solution do you use ? > sysctl kern.ipc.somaxconn=8192 NAT'ing (except for natd which uses IPDIVERT (but not more than 3)) doesn't use socket to translate packets. Generally, packets are tagged by firewall control software and translated within the IP stack (at leat in kernel land). clem