Date: Sat, 21 Oct 2006 09:38:35 +0000
From: Baldur Gislason <baldur@foo.is>
To: Brett Glass <brett@lariat.net>
Cc: net@freebsd.org
Subject: Re: Avoiding natd overhead
Message-ID: <20061021093835.GY804@gremlin.foo.is>
In-Reply-To: <200610210648.AAA01737@lariat.net>
References: <200610210648.AAA01737@lariat.net>

In that situation I have used IPFW for filtering and IPF for doing NAT.
But NAT is in its nature a very processor and memory intensive process,
I wouldn't recommend to anyone to run NAT if they have more than 10Mb
bandwidth and more than 100 nodes on their network.

Baldur

On Sat, Oct 21, 2006 at 12:47:54AM -0600, Brett Glass wrote:
> I'm working with a FreeBSD-based router that's using IPFW for
> policy routing, traffic shaping, and transparent proxying and natd
> for network address translation. IPFW does these things pretty well
> (in fact, I don't know if another firewall, like pf, could even do
> some of these things I'm doing with IPFW), but natd is by far the
> most CPU-intensive process on the system and is causing it to
> crumple like a wet towel under heavy loads. How can I replace just
> the functionality of natd without moving to an entirely new
> firewall? Can I still select which packets are routed to the NAT
> engine, and when this occurs during the processing of the packet?
>
> --Brett Glass
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>