From owner-freebsd-isp Tue Mar 12 7:27:42 2002 Delivered-To: freebsd-isp@freebsd.org Received: from web20109.mail.yahoo.com (web20109.mail.yahoo.com [216.136.226.46]) by hub.freebsd.org (Postfix) with SMTP id 8C2CF37B485 for ; Tue, 12 Mar 2002 07:16:26 -0800 (PST) Message-ID: <20020312151455.16535.qmail@web20109.mail.yahoo.com> Received: from [193.227.212.160] by web20109.mail.yahoo.com via HTTP; Tue, 12 Mar 2002 16:14:55 CET Date: Tue, 12 Mar 2002 16:14:55 +0100 (CET) From: =?iso-8859-1?q?Fabrizio=20Ravazzini?= Subject: ipnat/ipf vs ipfw/natd & bridge To: freebsd-isp@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, I've built 2 firewall machines, a bridge/firewall and a Nat/firewall with Fbsd4.3 to connect a lan and a dmz to internet. Because of ipf doesn't work with bridging on fbsd I used ipfw on the bridge and ipnat/ipf on the nat. I'd like to use ipfw/natd also on the nat machine to connect the lan to internet so to have the same firewall(ipfw) on both machines. I know that ipfw/natd requires more cpu cicles than ipf/ipnat. But how much is natd/ipfw slower than ipnat/ipf? Can be the difference between the two a bottle neck for my Lan(about 200 machines) or dmz (about 50 machines)? ______________________________________________________________________ Guarda il nuovo video di Natalie Imbruglia, e 3 clip audio http://it.yahoo.com/mail_it/foot/?http://it.music.yahoo.com/natalie/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message