Date: Tue, 4 Nov 2008 17:11:12 +0100
From: Max Laier <max@love2party.net>
To: Jeremy Chadwick <koitsu@freebsd.org>
Cc: freebsd-pf@freebsd.org
Subject: Re: rdr rule does not work (bad hdr length)
Message-ID: <200811041711.12983.max@love2party.net>
In-Reply-To: <20081104155043.GA51736@icarus.home.lan>
References: <491012AE.7000409@adminlife.net> <49106ECF.4080803@adminlife.net> <20081104155043.GA51736@icarus.home.lan>

On Tuesday 04 November 2008 16:50:43 Jeremy Chadwick wrote:
> On Tue, Nov 04, 2008 at 04:48:31PM +0100, Matthias Kellermann wrote:
...
> >
> > Thanks for your explanation, Max.
> >
> > I've added the following line to /etc/inetd.conf:
> > telnet stream tcp nowait nobody /usr/bin/nc /usr/bin/nc -w 20 192.168.0.10 23
> >
> > Works fine!
> >
> > I've tried the same thing with other protocols (e.g. SSH). Doing an scp
> > transfer is really slow this way. Any ideas what could cause this issue?
> > (this is not pf related anymore, but perhaps someone has a quick answer).
>
> Simple: you've created a wonderful, beautiful bottleneck by using netcat
> as a form of buffering mechanism. You can tune netcat to your heart's
> content, and probably improve things a bit, but you're more or less
> screwed (to put it frankly).
>
> I highly recommend Max's first recommendation.

Basically, yes. Userland redirection is a hack. It's easy to set up and will
get you going. There are more efficient implementations than netcat - e.g.
rinetd from ports. Ultimately, however, if you are looking for throughput
without too much impact on the forwarding box etc. ... you must use a
different mechanism - such as in-kernel redirection as provided by pf. For
that you need a different network layout, however.

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
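
Added example, not part of the original message or thread: a pf.conf fragment sketching the in-kernel redirection mentioned above, for the same 192.168.0.10 port 23 target as the inetd/nc line. The interface names and the layout (the pf host routes between clients and the target, so replies pass back through it) are assumptions.

```pf
# /etc/pf.conf fragment (added example, not from the thread).
# Assumed layout: this host forwards packets (net.inet.ip.forwarding=1)
# and is the gateway for 192.168.0.10, so return traffic crosses pf and
# the state entry can translate the replies back.
ext_if = "em0"            # assumed: interface the clients connect to
int_if = "em1"            # assumed: interface facing 192.168.0.10
target = "192.168.0.10"   # redirect target, as in the inetd.conf line

# Translation rules are placed before the filter rules.
# The destination is rewritten in the kernel; no userland process
# (nc, rinetd) copies the payload between two sockets.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 23 -> $target port 23

# Filtering happens after translation, so these rules match the rewritten
# destination. They are only needed when the ruleset blocks by default.
pass in  on $ext_if inet proto tcp from any to $target port 23 flags S/SA keep state
pass out on $int_if inet proto tcp from any to $target port 23 flags S/SA keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and use `pfctl -ss` to confirm that redirected connections create state entries.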