In that situation I have used IPFW for filtering and IPF for doing NAT. But NAT is in its nature a very processor- and memory-intensive process; I wouldn't recommend that anyone run NAT if they have more than 10Mb bandwidth and more than 100 nodes on their network.

Baldur

On Sat, Oct 21, 2006 at 12:47:54AM -0600, Brett Glass wrote:
> I'm working with a FreeBSD-based router that's using IPFW for
> policy routing, traffic shaping, and transparent proxying and natd
> for network address translation. IPFW does these things pretty well
> (in fact, I don't know if another firewall, like pf, could even do
> some of these things I'm doing with IPFW), but natd is by far the
> most CPU-intensive process on the system and is causing it to
> crumple like a wet towel under heavy loads. How can I replace just
> the functionality of natd without moving to an entirely new
> firewall? Can I still select which packets are routed to the NAT
> engine, and when this occurs during the processing of the packet?
>
> --Brett Glass
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"