From owner-freebsd-questions  Fri Oct 12 13:15:55 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from rambo.simx.org (rambo.simx.org [194.17.208.54])
	by hub.freebsd.org (Postfix) with ESMTP id 25EEE37B405
	for <freebsd-questions@FreeBSD.ORG>; Fri, 12 Oct 2001 13:15:51 -0700 (PDT)
Received: from ljusdal.net (rocky [192.168.0.2])
	by rambo.simx.org (8.11.6/8.11.6) with ESMTP id f9CKEM936079;
	Fri, 12 Oct 2001 22:14:30 +0200 (CEST)
	(envelope-from rocky@ljusdal.net)
Message-ID: <3BC74F85.F480D241@ljusdal.net>
Date: Fri, 12 Oct 2001 22:16:05 +0200
From: "Roger 'Rocky' Vetterberg" <rocky@ljusdal.net>
Reply-To: rocky@ljusdal.net
X-Mailer: Mozilla 4.78 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Kenneth Wayne Culver <culverk@wam.umd.edu>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW or IPFILTER?
References: <Pine.GSO.4.21.0110121221030.27531-100000@sun10pg2.wam.umd.edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

This is odd.
I have personally witnessed at least 10-12 Quake 3 players behind a single ip
handled by a IPFW/NATD machine, all on the same game server and with acceptable
ping considered the bandwidth available.
I dont recall the exact configuration of the IPFW/NATD machine, but Im quite
certian it was no higher than PII 233 with 64M, probably a lot weaker.

Im not saying ipfw is better, or worse for that matter, then ipfilter, Im just
telling you what I know.

__
R

Kenneth Wayne Culver wrote:

> Truthfully, A lot more people are starting to prefer ipfilter for nat
> solutions though, I have found that ipfilter is really easy to configure
> and get working in an acceptable manner. I've heard that if you want to
> traffic shaping but still want to use ipfilter this is possible by just
> setting the ipfw to be open by default, and use ipfilter to do the actual
> filtering; while using dummynet for traffic shaping. I'm not sure how this
> effects performance though. For NAT I would think that ipfilter is faster
> because for natd, every packet must be copied out of the kernel, to natd,
> then back into the kernel. I have actually run into problems with this
> with as few as 5 people (using Quake III on their computers connecting to
> a single Quake III server, natd handled 3 people, but when the 4th person
> connected, the ping skyrocketed, and we started having packetloss) but
> with ipfilter, the problems disappeared. This of course was on a 200MHz
> pentium pro, but it worked fine with ipfilter.
>
> Ken
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message