On Tuesday 04 November 2008 16:50:43 Jeremy Chadwick wrote:
> On Tue, Nov 04, 2008 at 04:48:31PM +0100, Matthias Kellermann wrote:
...
> >
> > Thanks for your explanation, Max.
> >
> > I've added the following line to /etc/inetd.conf:
> > telnet stream tcp nowait nobody /usr/bin/nc /usr/bin/nc -w 20 192.168.0.10 23
> >
> > Works fine!
> >
> > I've tried the same thing with other protocols (e.g. SSH). Doing an scp
> > transfer is really slow this way. Any ideas what could cause this issue?
> > (this is not pf related anymore, but perhaps someone has a quick answer).
>
> Simple: you've created a wonderful, beautiful bottleneck by using netcat
> as a form of buffering mechanism. You can tune netcat to your heart's
> content, and probably improve things a bit, but you're more or less
> screwed (to put it frankly).
>
> I highly recommend Max's first recommendation.

Basically, yes. Userland redirection is a hack. It's easy to set up and will get you going. There are more efficient implementations than netcat - e.g. rinetd from ports.

Ultimately, however, if you are looking for throughput without too much impact on the forwarding box etc. ... you must use a different mechanism - such as in-kernel redirection as provided by pf. For that you need a different network layout, however.

-- 
Best regards,
Max Laier
http://pf4freebsd.love2party.net/
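
What the in-kernel redirection mentioned above could look like for the telnet forward quoted in this thread, as an added example that is not part of the original messages. The interface name `em0` is an assumption, and so is the layout: the pf box forwards IP and sits on the return path of 192.168.0.10 (for instance as its default gateway), so that replies pass back through the translation state.

```conf
# /etc/pf.conf fragment (added example, FreeBSD pf syntax)
#
# Takes the place of the userland relay from /etc/inetd.conf:
#   telnet stream tcp nowait nobody /usr/bin/nc /usr/bin/nc -w 20 192.168.0.10 23

ext_if      = "em0"            # assumption: interface the clients connect to
telnet_host = "192.168.0.10"   # target host and port taken from the thread

# Translation rule: the kernel rewrites the destination address, so no
# process copies the payload between two sockets as nc does.
# Unlike the nc relay, the target sees the real client source address,
# which keeps its connection logs and address-based access rules meaningful.
# "pass" admits the redirected packets without a separate filter rule.
rdr pass on $ext_if inet proto tcp from any to ($ext_if) port 23 \
        -> $telnet_host port 23

# Assumption: forwarding is enabled on this box
# (gateway_enable="YES" in /etc/rc.conf, i.e. net.inet.ip.forwarding=1).
```

Check the syntax with `pfctl -nf /etc/pf.conf`, load it with `pfctl -f /etc/pf.conf`, and list the active redirection with `pfctl -s nat`.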