From owner-freebsd-net@FreeBSD.ORG Wed May 3 11:12:41 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DCA2C16A402 for ; Wed, 3 May 2006 11:12:41 +0000 (UTC) (envelope-from tbyte@otel.net) Received: from mail.otel.net (gw3.OTEL.net [212.36.8.151]) by mx1.FreeBSD.org (Postfix) with ESMTP id 62A5B43D4C for ; Wed, 3 May 2006 11:12:41 +0000 (GMT) (envelope-from tbyte@otel.net) Received: from dragon.otel.net ([212.36.8.135]) by mail.otel.net with esmtp (Exim 4.60 (FreeBSD)) (envelope-from ) id 1FbFHc-000I8Z-1T; Wed, 03 May 2006 14:12:40 +0300 From: Iasen Kostov To: Paolo Pisati In-Reply-To: <20060502162406.GA3596@tin.it> References: <20060430135702.GA48117@tin.it> <1146569915.79123.9.camel@DraGoN.OTEL.net> <20060502162406.GA3596@tin.it> Content-Type: text/plain Date: Wed, 03 May 2006 14:12:39 +0300 Message-Id: <1146654759.30275.18.camel@DraGoN.OTEL.net> Mime-Version: 1.0 X-Mailer: Evolution 2.6.1 FreeBSD GNOME Team Port Content-Transfer-Encoding: 7bit Cc: FreeBSD_Net Subject: Re: [6.x patchset] Ipfw nat and libalias modules X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 May 2006 11:12:42 -0000 On Tue, 2006-05-02 at 18:24 +0200, Paolo Pisati wrote: > On Tue, May 02, 2006 at 02:38:35PM +0300, Iasen Kostov wrote: > > Have you done any performace comparisons with pf's NAT ? I realy would > > prefer libalias based kernel NAT than pf because libalias works better > > with ftp, irc dcc and things like that (VoIP would be nice too :P ). So > > the only reason I've not put it in production is because its to new and > > untested but as soon as I upgrade mine home to 6.x router I'll test it > > more extensivly. > > no performance comparison (at least not yet), but i don't > expect NAT to be a real bottleneck. Anyway, if we find > it's dead slow, i'll fix it :) > > > Btw what is the status of the multi-session to the same > > point PPTP NAT (e.g call ID tracking) ? > > i didn't modify the protocol specific nat support, so > it's just like with natd. > > btw a brave guy (Hi Patrick! :) switched 4 boxes > (i386 and amd64, UP and SMP) from natd to ipfw's nat and > everything went smooth, except for a little bug that i'm > tracking down... sounds good to me! :) > > bye Sound good to me too :). We have a dual opteron 248 here NATing (and that's its only purpose) about 2000 clients at ~300-400 Mbps full-duplex so the NAT could be a bottle neck :). But in time for the next upgrade (to 6.1) I'll test your patches to see what will happen. Regards.