Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 28 Dec 1998 17:14:01 -0500
From:      Christian Kuhtz <ck@ns1.adsu.bellsouth.com>
To:        Phillip Salzman <psalzman@gamefish.pcola.gulf.net>, Brian Feldman <green@unixhelp.org>
Cc:        gmarco@giovannelli.it, current@FreeBSD.ORG
Subject:   Re: wanton Atticizing is bad
Message-ID:  <19981228171401.B1333@ns1.adsu.bellsouth.com>
In-Reply-To: <Pine.BSF.4.05.9812281601360.13575-100000@gamefish.pcola.gulf.net>; from Phillip Salzman on Mon, Dec 28, 1998 at 04:04:16PM -0600
References:  <Pine.BSF.4.05.9812280839130.14811-100000@janus.syracuse.net> <Pine.BSF.4.05.9812281601360.13575-100000@gamefish.pcola.gulf.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, Dec 28, 1998 at 04:04:16PM -0600, Phillip Salzman wrote:
> > You can do that with natd.
> 
> 	That is possible, but not logical.  Say you have 2000
> dialup users attempting to access the web at the same time... all
> coming from different IP addresses -- would you want the packet
> scanning to go at the Cisco, or at the NATd?  Its simple to do 
> a transparent proxy from the cisco, and does not require too much on 
> the squid side (IPFILTER), with less on the router.

I thought the issue was, given IPFILTER or IPFW, can we do everything with 
IPFW that IPFILTER and other kludges did?  So that we can start to phase
out IPFILTER.

Cisco's can't do transparent redirection at the present time.  The do speak
WCCP however.  No, source routing is not an option.

IMHO, we can argue all day long whether we want a FreeBSD or a Cisco in the
datapath.  Knowing both network stacks quite well, I'd vote for a Cisco 
anytime.  But others may not feel the same way (for whatever reason) and
want the FreeBSD box to do it.

Anyone ever done any performance benchmarking on natd/IPFILTER/IPFW?

Cheers,
Chris

-- 
Frisbeetarianism, n.:
    The belief that when you die, your soul goes up on the roof and gets stuck.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981228171401.B1333>