Date: Sun, 27 Jan 2002 20:53:47 +0200
From: veedee@c7.campus.utcluj.ro
To: Matthew Emmerton
Cc: Clemens Hermann, BSD NET-List
Subject: Re: natd restart
Message-ID: <20020127205347.C28961@c7.campus.utcluj.ro>
Sender: owner-freebsd-net@FreeBSD.ORG

On Sun, Jan 27, 2002 at 09:55:03AM -0500, Matthew Emmerton wrote:
> > On 27.01.2002 at 02:11:30, Matthew Emmerton wrote:
> >
> > Hi Matt,
> >
> > > Here's the patch that I wrote some time ago.
> >
> > thanks a lot!
> > Did you send-pr the patch? It seems quite necessary to be added.
>
> Not yet. One of the things that I don't like about this patch is that old
> rules still stay around (re-reading the configuration will only modify
> existing rules and add new rules.) I'm also taking a lot of flak on my side
> of the fence since NAT runs as a userland process, so every packet gets
> copied between the kernel and userland twice (once on the way in, once on
> the way out.) Apparently Linux doesn't do this.
>
> I'm looking at making natd into a kernel option ("options IPNAT") and using
> a combination of sysctls and a front-end program to manage how nat operates,
> much like "options IPFIREWALL" and ipfw works today.

That would be just great. A lot of people would benefit from this.
I had to switch to IPF/IPNAT because of the cpu load NATD had. But for some
reason, I find NATD to be a bit "better" than IPNAT (I'm having a lot of
problems with Audiogalaxy's satellite service running with ftp).

> This (in my mind) should greatly enhance the throughput of FreeBSD's NAT and
> keep those Linux people from bashing us (or me, at least.)

Sorry, I *was* one of them :)

veedee.