On 2008-Dec-30 07:58:58 -0800, ibmed <ib...@mail.ru> wrote: >There's two FreeBSD boxes that do ipfw nat. >Both worked with natd until some time ago, when it became clear that we need >a better solution. So I upgraded sources and recompiled to kernel to include >ipfw nat features. The boxes have onboard msk-net cards that worked fine >under natd.
When I ran into similar load issues, I switched to ipfilter because the IPFW kernel NAT didn't exist at the time. If you are unable to find another solution, possibly you could try a different firewall. >options DUMMYNET >options IPDIVERT Are you using dummynet or ipdivert functionality? >fastforwarding is on, polling is off: >net.inet.ip.fastforwarding: 1 Have you tried disabling fastforwarding? What if your hardware configuration and how much traffic are you pushing through the system? -- Peter Jeremy Please excuse any delays as the result of my ISP's inability to implement an MTA that is either RFC2821-compliant or matches their claimed behaviour.
pgpYJNdeyPoGv.pgp
Description: PGP signature
