On Sun, Jan 27, 2002 at 09:55:03AM -0500, Matthew Emmerton wrote:
> > On 27.01.2002 at 02:11:30, Matthew Emmerton wrote:
> >
> > Hi Matt,
> >
> > > Here's the patch that I wrote some time ago.
> >
> > Thanks a lot!
> > Did you send-pr the patch? It seems quite necessary to be added.
> 
> Not yet.  One of the things that I don't like about this patch is that old
> rules still stay around (re-reading the configuration will only modify
> existing rules and add new rules.)  I'm also taking a lot of flak on my side
> of the fence since NAT runs as a userland process, so every packet gets
> copied between the kernel and userland twice (once on the way in, once on
> the way out.)  Apparently Linux doesn't do this.
> 
> I'm looking at making natd into a kernel option ("options IPNAT") and using
> a combination of sysctls and a front-end program to manage how nat operates,
> much like "options IPFIREWALL" and ipfw works today.

That would be just great. A lot of people would benefit from this. I had to
switch to IPF/IPNAT because of the CPU load NATD had. But for some reason, I
find NATD to be a bit "better" than IPNAT (I'm having a lot of problems
with Audiogalaxy's satellite service running with ftp).

> This (in my mind) should greatly enhance the throughput of FreeBSD's NAT and
> keep those Linux people from bashing us (or me, at least.)

Sorry, I *was* one of them :)

veedee.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
