Date:      Wed, 27 Sep 2000 09:33:10 -0700 (PDT)
From:      Julian Elischer <julian@elischer.org>
To:        Patrick Bihan-Faou <patrick@mindstep.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: natd and userland ppp
Message-ID:  <Pine.BSF.4.10.10009270922150.15101-100000@InterJet.elischer.org>
In-Reply-To: <124901c02898$ca8aadc0$040aa8c0@local.mindstep.com>

One good reason is that the PPP IP address is dynamically assigned and 
NATD doesn't work so well in such a dynamic environment.
They are both running the same NAT library, but if you use NATD then the
packet is diverted to userland TWICE, with its
attendant reduction in throughput and increase in latency.

PPP diverts the packet out of the kernel once. Once it's diverted you might as
well do the NAT on the packet. (And as I said, you'd have a lot of fun
getting NATD synchronised with ppp. You'd have to use all sorts of
link-up and link-down scripts.)

Mpd can use netgraph to do all ppp processing in the kernel to reduce
latency even further, but it doesn't have NAT. You could however combine
it with ipfilter's in-kernel NAT to get an all-kernel solution.
(we need to make a netgraph NAT module but we haven't done it yet.)

On Wed, 27 Sep 2000, Patrick Bihan-Faou wrote:

> Hi,
> 
> 
> Sorry if this question has been answered before, but I am looking for a good
> reason why one should use "ppp -nat" rather than natd with ppp ?
> 
> 
> I have seen the man page for natd stating "It is intended for use with
> NICs - if you want to do NAT on a PPP link, use the -nat switch to ppp(8)."
> But this hardly gives details on why it is a bad idea to do so. Also with
> the "dynamic" option in natd, obtaining the correct IP address for the PPP
> link seems to not be a problem.
> 
> I have set up a box with a PPPoE link to the internet, and for various
> reasons it was easier for me to use the natd daemon rather than the ppp
> option (although it is definitely possible as well).
> 
> What I see as better for natd is:
> - I know exactly when it is invoked in the ipfw ruleset
> - I can have the same configuration whether I have a LAN based
> configuration or a PPP link
> 
> Can anybody enlighten me ?
> 
> 
> Patrick.
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
> 


