From: Luigi Rizzo
Message-Id: <199905311745.TAA19533@labinfo.iet.unipi.it>
Subject: Re: natd question
To: dgilbert@velocet.ca (David Gilbert)
Date: Mon, 31 May 1999 19:45:12 +0200 (MET DST)
Cc: net@FreeBSD.ORG
In-Reply-To: <14162.59808.260640.720788@trooper.velocet.ca> from "David Gilbert" at May 31, 99 03:57:01 pm

> Luigi> But I wonder, is there a way to tell NATD to act straight on
> Luigi> incoming packets, instead of forcing forwarding on, and having
> Luigi> another pass through the firewall and the protocol stack?
>
> We realized this pretty early on because our firewall sees a large
> amount of traffic (800 or more K/s) only 10-20K/s of which needs
> natd. With a standard configuration, natd can consume a large amount
> of CPU to accomplish its task.
>
> What we do is make natd run on an aliased interface (such that traffic
> would not normally go to/from it). Here's the relevant config:

Yes, I already did that, and in fact at least natd only sees useful
pkts now. However there are still a couple of useless passes through
the firewall code (once a pkt is diverted, you know what to do with it,
no need to do further analysis), plus having forwarding enabled makes
me feel a bit uncomfortable...

	cheers
	luigi
-----------------------------------+-------------------------------------
Luigi RIZZO, luigi@iet.unipi.it    . Dip. di Ing. dell'Informazione
http://www.iet.unipi.it/~luigi/    . Universita` di Pisa
TEL/FAX: +39-050-568.533/522       . via Diotisalvi 2, 56126 PISA (Italy)

http://www.iet.unipi.it/~luigi/ngc99/
==== First International Workshop on Networked Group Communication ====
-----------------------------------+-------------------------------------