Date: Wed, 18 Mar 2020 15:17:12 +0900 From: Kristof Provost <kp@FreeBSD.org> To: Neel Chauhan <neel@neelc.org> Cc: freebsd-net@freebsd.org Subject: Re: IPFW In-Kernel NAT vs PF NAT Performance Message-ID: <F154BCBA-4079-48CA-ACE9-F01FBCBD53D0@FreeBSD.org> In-Reply-To: <fc638872b9bdf14c13e2d6c13e698d1e@neelc.org> References: <fc638872b9bdf14c13e2d6c13e698d1e@neelc.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 18 Mar 2020, at 13:31, Neel Chauhan <neel@neelc.org> wrote: >=20 > =EF=BB=BFHi freebsd-net@ mailing list, >=20 > Right now, my firewall is a HP T730 thin client (with a Dell Broadcom 5720= PCIe NIC) running FreeBSD 12.1 and IPFW's In-Kernel NAT. My ISP is "Wave G"= in the Seattle area, and I have the Gigabit plan. >=20 > Speedtests usually give me 700 Mbps down/900 Mbps up, and 250-400 Mbps dow= n/800 Mbps up during the Coronavirus crisis. However, I'm having problems wi= th an application (Tor relays) where I am not able to use a lot of bandwidth= for Tor, Coronavirus-related telecommuting or not. My Tor server is separat= e from my firewall. >=20 > Which firewall gives better performance, IPFW's In-Kernel NAT or PF NAT? I= am dealing with 1000s of concurrent connections but browsing-level-bandwidt= h at once with Tor. >=20 I=E2=80=99d expect both ipfw and pf to happily saturate gigabit links with N= AT, even on quite modest hardware. Are you sure the NAT code is the bottleneck? Regards, Kristof
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F154BCBA-4079-48CA-ACE9-F01FBCBD53D0>