From owner-freebsd-net@FreeBSD.ORG  Mon Oct 25 04:50:04 2004
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B143616A4CE
	for <net@freebsd.org>; Mon, 25 Oct 2004 04:50:04 +0000 (GMT)
Received: from pimout1-ext.prodigy.net (pimout1-ext.prodigy.net
	[207.115.63.77])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6875843D39
	for <net@freebsd.org>; Mon, 25 Oct 2004 04:50:04 +0000 (GMT)
	(envelope-from julian@elischer.org)
Received: from [192.168.1.102] (adsl-68-123-122-146.dsl.snfc21.pacbell.net
	[68.123.122.146])i9P4o2WC212824;	Mon, 25 Oct 2004 00:50:03 -0400
Message-ID: <417C85FA.5050708@elischer.org>
Date: Sun, 24 Oct 2004 21:50:02 -0700
From: Julian Elischer <julian@elischer.org>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8a3) Gecko/20041017
X-Accept-Language: en, hu
MIME-Version: 1.0
To: Stephane Raimbault <segr@hotmail.com>
References: <BAY24-F38qIfQdmEB4H0000f819@hotmail.com>
In-Reply-To: <BAY24-F38qIfQdmEB4H0000f819@hotmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
cc: net@freebsd.org
Subject: Re: using natd to load balance port 80 to multiple servers
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Oct 2004 04:50:04 -0000

Stephane Raimbault wrote:
> Hi All,
> 
> I'm currently using a freebsd box running natd to forward port 80 to 
> several (5) web servers on private IP's.
> 
> I have discovered that natd doesn't handle many requests/second all that 
> well (seem to choke at about 200 req/second (educated guess))
> 

use the "ipfw fwd" option to directly send the packets to the appropriate machine.
Should be able to forwarrd at wire speed.

you will probably need ipfw fwd running on both sides of the forward..
one on the switch machine to forward packets to one machine and one on
that machine to "capture" those packets to a local socket.


> There are other packet filtering options on FreeBSD and I wonder if I 
> can use them to do what I'm trying to do with natd.
> 
> Would someone be able to point me to documentation or help me have 
> either ipf/ipfw/pf forward port 80 traffic to private space IP's?
>