On Sat, Oct 21, 2006 at 12:47:54AM -0600 I heard the voice of
Brett Glass, and lo! it spake thus:
>
> How can I replace just the functionality of natd without moving to
> an entirely new firewall? Can I still select which packets are
> routed to the NAT engine, and when this occurs during the processing
> of the packet?

Paolo Pisati's 2005 SoC work on integrating libalias into ipfw might
fit here.  It should move the NAT'ing into the kernel and save all the
context switches and copies, and (what has me more interested) make it
much easier to change port forwarding and other rules.  The worst
thing about natd for me isn't performance, it's that I have to blow
away all the state to change anything.

I think some of the support has been brought in, at least to -CURRENT,
but I'm not sure, and I'm pretty sure it isn't in RELENG_6 or earlier.
Paolo?


-- 
Matthew Fuller     (MF4839)   |  [EMAIL PROTECTED]
Systems/Network Administrator |  http://www.over-yonder.net/~fullermd/
           On the Internet, nobody can hear you scream.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
