Date: Mon, 06 Sep 2010 20:08:12 +0900 From: Randy Bush <randy@psg.com> To: Ian FREISLICH <ianf@clue.co.za> Cc: freebsd-current@freebsd.org Subject: Re: significantly slow IPFW + NATD + amd64 Message-ID: <m2wrqzgmeb.wl%randy@psg.com> In-Reply-To: <E1OsXO0-00017U-Fa@clue.co.za> References: <4C84A44D.90403@3mail4.co.uk> <4C825094.5040204@secover.com.br> <20100905155311.GA48095@onelab2.iet.unipi.it> <4C84364D.9070700@DataIX.net> <E1OsXO0-00017U-Fa@clue.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
Ian FREISLICH wrote:
>
> Peter Reo Molnar wrote:
> > Hello,
> >
> > I tried setup NAT with IPFW, compiled my kernel and I found that there
> > is very slow connection.
> > After I disabled NAT and IPFW then speed was increased.
> >
> > 64-bit FreeBSD 9-CURRENT :
> > With IPFW: 1.2 MB/sec
> > Without IPFW: 33 MB/sec
> >
> >
> > my ipfw work with i386 (stable) without speed decreasing:
> >
> > fw.test.conf:
> > -f flush
> > add 00050 divert 8668 ip4 from any to any via re0
> > add 00100 allow ip from any to any via lo0
> > add 00200 deny ip from any to 127.0.0.0/8
> > add 00300 deny ip from 127.0.0.0/8 to any
>
> This looks like you're using the old style NAT - divert to userland.
> That has always performed poorly. Perhaps not as poorly as this
> though. How much CPU is natd consuming?
>
> Have you considered using in-kernel NAT? See the 'NETWORK ADDRESS
> TRANSLATION' section in the ipfw manual. It's worth a try.
i never managed to figure out how to convert my pppoe nat config to ipfw
natting.
foo:
set device PPPoE:vr0
set MTU 1454
accept CHAP
enable lqr
add default HISADDR
nat enable yes
nat port tcp 192.168.0.33:51332 51332
nat port udp 192.168.0.33:51332 51332
set authname blogovitch
set authkey vitchoblog
loop:
set log phase chat connect lcp ipcp command
set device localhost:pptp
set dial
set login
set ifaddr 192.168.0.200 192.168.0.201 255.255.255.255
clue bat solicited
randy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m2wrqzgmeb.wl%randy>