From owner-freebsd-questions@FreeBSD.ORG Wed Jan 29 21:44:25 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 28EE94DA for ; Wed, 29 Jan 2014 21:44:25 +0000 (UTC) Received: from bs1.fjl.org.uk (bs1.fjl.org.uk [84.45.41.196]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id A1BCF18D5 for ; Wed, 29 Jan 2014 21:44:24 +0000 (UTC) Received: from [192.168.1.35] (host86-163-127-175.range86-163.btcentralplus.com [86.163.127.175]) (authenticated bits=0) by bs1.fjl.org.uk (8.14.4/8.14.4) with ESMTP id s0TLiDJH029847 (version=TLSv1/SSLv3 cipher=DHE-DSS-CAMELLIA256-SHA bits=256 verify=NO) for ; Wed, 29 Jan 2014 21:44:15 GMT (envelope-from frank2@fjl.co.uk) Message-ID: <52E9762F.10208@fjl.co.uk> Date: Wed, 29 Jan 2014 21:44:15 +0000 From: Frank Leonhardt User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Re: Necessary to implement static NAT 1:1 References: <1390999493.115887823.pfbg2ep5@frv35.ukr.net> <52E91B3D.4000601@fjl.co.uk> <1391010653.726619904.szvwo6t9@frv35.ukr.net> In-Reply-To: <1391010653.726619904.szvwo6t9@frv35.ukr.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.17 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Jan 2014 21:44:25 -0000 On 29/01/2014 15:52, Vladislav Prodan wrote: > > > >> On 29/01/2014 12:45, Vladislav Prodan wrote: >>> Necessary to implement static NAT 1:1 >>> >>> 10.1.2.3 -> 100.1.2.3 >>> 10.1.2.4 -> 100.1.2.4 >>> 10.1.2.5 -> 100.1.2.5 >>> 10.1.2.6 -> 100.1.2.6 >>> ... >>> IP addresses such an over 20k >>> prompt you implement? >>> >> I don't understand the question exactly (I expect I will not be the only >> one). natd will allow 1:1 mappings like this very easily. Are you saying >> you have a lot of these and you do not want to write the config file by >> hand? >> >> > I'm not sure that FreeBSD withstand an over 20k rules of the form: > > ipfw nat 3 config ip 100.1.2.3 > ipfw nat 4 config ip 100.1.2.4 > ipfw nat 5 config ip 100.1.2.5 > ipfw nat 6 config ip 100.1.2.6 > ... > > + Two rules to handle each nat N > > Probably need to somehow use nat tablearg, but I do not understand logic. > > I do not think there would be a problem with natd. It uses libalias and this calls malloc() to add each redirect to a simple linked list. A quick looks suggests it's only 50-ish bytes/entry (depending on processor) so a table of 20K of them would be ~1Mb (+malloc overhead). There was a time when 1Mb was a lot of core, but not any more. It may slow down a bit, as it links through he list. There might be something in the newer libalias that does it more efficiently, but if you give it a go I think it will probably work. Regards, Frank.