Date:      Mon, 05 May 2003 12:34:55 -0500
From:      Eric Anderson <anderson@centtech.com>
To:        Clement Laforet <sheep.killer@cultdeadsheep.org>
Cc:        freebsd-performance@freebsd.org
Subject:   Re: NAT performance tweaks
Message-ID:  <3EB6A0BF.1040803@centtech.com>
References:  <3EB67822.3070802@centtech.com> <20030505182756.093fb1c3.sheep.killer@cultdeadsheep.org>

Clement Laforet wrote:
> On Mon, 05 May 2003 09:41:38 -0500
> Eric Anderson <anderson@centtech.com> wrote:
> 
> 
>>Does anyone have any tweaks they apply to NAT firewalls that pass a
>>lot of connections through them?  Here's the only tweak I have in place
>>already, but I'm not sure they're needed yet (or if there are any
>>tweaks needed at all):
> 
> 
> which NAT solution do you use ?

IPNAT and ipfilter..

>>sysctl kern.ipc.somaxconn=8192
> 
> 
> NAT'ing (except for natd which uses IPDIVERT (but not more than 3))
> doesn't use socket to translate packets.
> Generally, packets are tagged by firewall control software and
> translated within the IP stack (at least in kernel land).

Oh yea, that's right.. So can you think of any kernel or other tweaks to 
be done, to ensure optimal usage of the machine in this environment? 
What about mail coming in/out of the machine? I do a fair amount of mail 
through it (out through NAT, in through Sendmail) also..

Eric


--
------------------------------------------------------------------
Eric Anderson	   Systems Administrator      Centaur Technology
Attitudes are contagious, is yours worth catching?
------------------------------------------------------------------


