remodeler wrote:
> Is there any reason to prefer port-forwarding with ipfw (forward ipaddr) vs.
> natd (-redirect_port), if I am using both subsystems in any case? I see natd
> uses libalias and an ipfw divert port, so my thought is that the ipfw approach
> would incur less overhead. Also, the ipfw approach permits a hostname for
> resolving where natd requires an IP address.

Using natd (or ipfw nat) has the ability to manipulate the IP address and ports of a packet. The fwd capability in ipfw does not modify the layer 3 headers, but instead short-circuits the next-hop logic. Take a look at the fwd description in ipfw(8).

I would recommend using the ipfw built-in nat support (search for NAT in ipfw(8)) instead of the old-style divert solution. As I understand it, divert has overhead related to copying the packets to and from userland, which is unnecessary when using the in-kernel implementation.

-- 
Chris Cowart
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
UC Berkeley
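
Added example, not part of the original thread: the three approaches discussed above, written as an ipfw ruleset file (the format read by `ipfw /absolute/path/to/file`) for the same port 80 redirect. The interface name em0, the addresses 203.0.113.5 and 192.168.1.10, and the rule numbers are constructed for illustration.

```ipfw
# Constructed values: em0 = outside interface, 203.0.113.5 = its public
# address, 192.168.1.10 = inside web server. Rule numbers are arbitrary.
# The sections are alternatives; load only one of them.

# --- A: ipfw fwd (no header rewrite) ---
# Only the next hop changes; the packet still arrives at the inside host
# addressed to 203.0.113.5:80. For a non-local fwd address ipfw(8) ignores
# any port given in the rule, so 192.168.1.10 must itself accept traffic
# for 203.0.113.5 and its replies must route back through this firewall.
add 1000 fwd 192.168.1.10 tcp from any to 203.0.113.5 80 in via em0

# --- B: natd through a divert socket (userland) ---
# natd is started separately, for example:
#   natd -n em0 -redirect_port tcp 192.168.1.10:80 80
# Each matching packet is copied to natd, rewritten by libalias, and
# reinjected into the ruleset.
add 1000 divert natd ip from any to any via em0

# --- C: in-kernel NAT (same libalias rewrite, no userland copy) ---
# The destination is rewritten to 192.168.1.10:80 inbound and the source
# is restored on replies, so the inside host needs no special setup.
nat 1 config if em0 redirect_port tcp 192.168.1.10:80 80
add 1000 nat 1 ip from any to any via em0
```

With A, any filtering rule or log on the inside host sees the original public destination address; with B and C it sees the rewritten one, which matters when writing allow rules or correlating logs across the two machines.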