Date: Wed, 18 Mar 2020 15:17:12 +0900 From: Kristof Provost <kp@FreeBSD.org> To: Neel Chauhan <neel@neelc.org> Cc: freebsd-net@freebsd.org Subject: Re: IPFW In-Kernel NAT vs PF NAT Performance Message-ID: <F154BCBA-4079-48CA-ACE9-F01FBCBD53D0@FreeBSD.org> In-Reply-To: <fc638872b9bdf14c13e2d6c13e698d1e@neelc.org>
index | next in thread | previous in thread | raw e-mail
> On 18 Mar 2020, at 13:31, Neel Chauhan <neel@neelc.org> wrote: > > Hi freebsd-net@ mailing list, > > Right now, my firewall is a HP T730 thin client (with a Dell Broadcom 5720 PCIe NIC) running FreeBSD 12.1 and IPFW's In-Kernel NAT. My ISP is "Wave G" in the Seattle area, and I have the Gigabit plan. > > Speedtests usually give me 700 Mbps down/900 Mbps up, and 250-400 Mbps down/800 Mbps up during the Coronavirus crisis. However, I'm having problems with an application (Tor relays) where I am not able to use a lot of bandwidth for Tor, Coronavirus-related telecommuting or not. My Tor server is separate from my firewall. > > Which firewall gives better performance, IPFW's In-Kernel NAT or PF NAT? I am dealing with 1000s of concurrent connections but browsing-level-bandwidth at once with Tor. > I’d expect both ipfw and pf to happily saturate gigabit links with NAT, even on quite modest hardware. Are you sure the NAT code is the bottleneck? Regards, Kristofhome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F154BCBA-4079-48CA-ACE9-F01FBCBD53D0>