Date: Sat, 21 Oct 2006 15:54:06 -0600
From: Brett Glass <brett@lariat.net>
To: "Matthew D. Fuller" <fullermd@over-yonder.net>
Cc: piso@freebsd.org, net@freebsd.org
Subject: Re: Avoiding natd overhead
Message-ID: <200610212154.PAA11668@lariat.net>
In-Reply-To: <20061021095808.GH75501@over-yonder.net>
References: <200610210648.AAA01737@lariat.net> <20061021095808.GH75501@over-yonder.net>

At 03:58 AM 10/21/2006, Matthew D. Fuller wrote:

>Paolo Pisati's 2005 SoC work on integrating libalias into ipfw might
>fit here. It should move the NAT'ing into the kernel and save all the
>context switches and copies, and (what has me more interested) make it
>much easier to change port forwarding and other rules.

That would be excellent. NAT really belongs in the kernel, with a
userland control and monitoring utility similar to the ones that
manage kernel PPP in many UNIX-like OSes.

>The worst
>thing about natd for me isn't performance, it's that I have to blow
>away all the state to change anything.

Agreed. Also, more than once I've locked myself out of a machine when
trying to restart NAT with a different configuration; it would be nice
to be able to change just the parameters I needed to change.

I'd love to be able to look at the translations that are generated on
the fly in the same way that one can look at other dynamic rules. This
is especially true for some of the more arcane forms of NAT (e.g. PPTP
passthrough, in which PPTP session numbers are mapped to avoid
collisions) which can be hard to debug when something goes wrong.

--Brett