From: Vladislav Prodan
Date: Thu, 30 Jan 2014 00:18:59 +0200
Subject: Re[2]: Necessary to implement static NAT 1:1
To: Frank Leonhardt
Cc: freebsd-questions@freebsd.org

> On 29/01/2014 15:52, Vladislav Prodan wrote:
> >
> >> On 29/01/2014 12:45, Vladislav Prodan wrote:
> >>> Necessary to implement static NAT 1:1
> >>>
> >>> 10.1.2.3 -> 100.1.2.3
> >>> 10.1.2.4 -> 100.1.2.4
> >>> 10.1.2.5 -> 100.1.2.5
> >>> 10.1.2.6 -> 100.1.2.6
> >>> ...
> >>> IP addresses such an over 20k
> >>> prompt you implement?
> >>>
> >> I don't understand the question exactly (I expect I will not be the only
> >> one). natd will allow 1:1 mappings like this very easily. Are you saying
> >> you have a lot of these and you do not want to write the config file by
> >> hand?
> >>
> > I'm not sure that FreeBSD can withstand over 20k rules of the form:
> >
> > ipfw nat 3 config ip 100.1.2.3
> > ipfw nat 4 config ip 100.1.2.4
> > ipfw nat 5 config ip 100.1.2.5
> > ipfw nat 6 config ip 100.1.2.6
> > ...
> >
> > + Two rules to handle each nat N
> >
> > Probably need to somehow use nat tablearg, but I do not understand logic.
> >
>
> I do not think there would be a problem with natd. It uses libalias and
> this calls malloc() to add each redirect to a simple linked list. A
> quick look suggests it's only 50-ish bytes/entry (depending on
> processor) so a table of 20K of them would be ~1Mb (+malloc overhead).
> There was a time when 1Mb was a lot of core, but not any more. It may
> slow down a bit, as it links through the list.
>
> There might be something in the newer libalias that does it more
> efficiently, but if you give it a go I think it will probably work.
>
> Regards, Frank.
>

Thank you for your feedback.
I will try to assemble the stand and test scripts to simulate the behavior of users.

-- 
Vladislav V. Prodan
System & Network Administrator
http://support.od.ua
+380 67 4584408, +380 99 4060508
VVP88-RIPE
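
On the point about not writing the natd config file by hand, an added example (not code from this thread or from the natd project): a Python generator that emits one natd `redirect_address localIP publicIP` line per address pair. The function names, the start addresses being the first of two contiguous 20k ranges, and the use of Frank's 50 bytes/entry figure are assumptions.

```python
import ipaddress

BYTES_PER_ENTRY = 50  # Frank's rough libalias estimate from the thread, not measured


def nat_pairs(first_private, first_public, count):
    """Return [(private, public), ...] for an offset-preserving 1:1 mapping.

    Assumption: both ranges are contiguous, so the Nth private address maps
    to the Nth public one (10.1.2.3 -> 100.1.2.3, 10.1.2.4 -> 100.1.2.4, ...).
    A 20k range crosses /24 boundaries, so it includes addresses such as
    10.1.2.255 and 10.1.3.0; whether those are usable depends on the netmask.
    """
    priv = ipaddress.IPv4Address(first_private)
    pub = ipaddress.IPv4Address(first_public)
    if count < 1:
        raise ValueError("count must be at least 1")
    if max(int(priv), int(pub)) + count - 1 > 0xFFFFFFFF:
        raise ValueError("range runs past 255.255.255.255")
    # If the two ranges overlap, some address would be both a NAT source
    # and a NAT target, which makes the mapping ambiguous.
    if abs(int(priv) - int(pub)) < count:
        raise ValueError("private and public ranges overlap")
    return [(priv + i, pub + i) for i in range(count)]


def render_natd_conf(pairs):
    """One natd.conf line per pair: redirect_address localIP publicIP."""
    return "".join(f"redirect_address {priv} {pub}\n" for priv, pub in pairs)


def estimated_table_bytes(pairs):
    """Redirect-list size using the thread's ~50 bytes/entry figure."""
    return len(pairs) * BYTES_PER_ENTRY


if __name__ == "__main__":
    pairs = nat_pairs("10.1.2.3", "100.1.2.3", 20000)  # addresses from the thread
    lines = render_natd_conf(pairs).splitlines()
    print("\n".join(lines[:3]))
    print("...")
    print(lines[-1])
    print(f"{len(lines)} entries, ~{estimated_table_bytes(pairs)} bytes before malloc overhead")
```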