From owner-freebsd-current@FreeBSD.ORG  Mon Sep  6 08:49:36 2010
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1CBE710656B7
	for <freebsd-current@freebsd.org>; Mon,  6 Sep 2010 08:49:36 +0000 (UTC)
	(envelope-from ianf@clue.co.za)
Received: from inbound01.jnb1.gp-online.net (inbound01.jnb1.gp-online.net
	[41.161.16.135])
	by mx1.freebsd.org (Postfix) with ESMTP id AA2818FC0A
	for <freebsd-current@freebsd.org>; Mon,  6 Sep 2010 08:49:35 +0000 (UTC)
Received: from [41.154.88.19] (helo=clue.co.za)
	by inbound01.jnb1.gp-online.net with esmtpsa
	(TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63)
	(envelope-from <ianf@clue.co.za>)
	id 1OsXOO-0005iw-Kq; Mon, 06 Sep 2010 10:49:32 +0200
Received: from localhost ([127.0.0.1] helo=clue.co.za)
	by clue.co.za with esmtp (Exim 4.72 (FreeBSD))
	(envelope-from <ianf@clue.co.za>)
	id 1OsXO0-00017U-Fa; Mon, 06 Sep 2010 10:49:08 +0200
Message-Id: <E1OsXO0-00017U-Fa@clue.co.za>
To: Peter Reo Molnar <peter@3mail4.co.uk>
From: Ian FREISLICH <ianf@clue.co.za>
In-Reply-To: <4C84A44D.90403@3mail4.co.uk> 
References: <4C84A44D.90403@3mail4.co.uk> <4C825094.5040204@secover.com.br>
	<20100905155311.GA48095@onelab2.iet.unipi.it>
	<4C84364D.9070700@DataIX.net> 
X-Attribution: BOFH
Date: Mon, 06 Sep 2010 10:49:08 +0200
Cc: freebsd-current@freebsd.org
Subject: Re: significantly slow IPFW + NATD + amd64 
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Sep 2010 08:49:36 -0000

Peter Reo Molnar wrote:
> Hello,
> 
> I tried setup NAT with IPFW, compiled my kernel and I found that there 
> is very slow connection.
> After I disabled NAT and IPFW then speed was increased.
> 
> 64-bit FreeBSD 9-CURRENT :
> With IPFW: 1.2 MB/sec
> Without IPFW: 33 MB/sec
> 
> 
> my ipfw work with i386 (stable) without speed decreasing:
> 
> fw.test.conf:
> -f flush
> add 00050 divert 8668 ip4 from any to any via re0
> add 00100 allow ip from any to any via lo0
> add 00200 deny ip from any to 127.0.0.0/8
> add 00300 deny ip from 127.0.0.0/8 to any

This looks like you're using the old style NAT - divert to userland.
That has always performed poorly.  Perhaps not as poorly as this
though.  How much CPU is natd consuming?

Have you considered using in-kernel NAT?  See the 'NETWORK ADDRESS
TRANSLATION' section in the ipfw manual.  It's worth a try.

Ian

-- 
Ian Freislich