Date: Thu, 22 Nov 2001 10:48:59 +0200 From: Sheldon Hearn <sheldonh@starjuice.net> To: "Dave Raven" <dave@raven.za.net> Cc: freebsd-security@FreeBSD.org Subject: Re: Best security topology for FreeBSD Message-ID: <18259.1006418939@axl.seasidesoftware.co.za> In-Reply-To: Your message of "Wed, 21 Nov 2001 19:25:12 %2B0200." <005f01c172b1$7a8503c0$3600a8c0@DAVE>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 21 Nov 2001 19:25:12 +0200, "Dave Raven" wrote: > With IPFilter this is not so, IPNat runs in the kernel and should be faster. > If you are planning on large usage I would recommend IPFilter (less load) > and IPNat. I'm having trouble with IPFW+natd servicing a high-volume web cluster. I'm finding that natd hogs just about all available cycles on one of the two PII CPUs in the box. The throughput of through the firewall has also dropped since I migrated from the Linux IPchains monster we had before. I'll post my findings in follow-up later this month. Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?18259.1006418939>