Erik Trulsson wrote:
> On Sun, Mar 16, 2008 at 04:37:18PM +0100, Wojciech Puchar wrote:
>>> Frankly I'm a bit surprised that this hasn't been more widely heralded,
>>> as userland natd is often given as a reason to prefer other firewalls,
>>
>> what's wrong in userland natd?
>
> Performance. With userland natd, every packet that passes through natd
> must pass from kernel to userland (causing one context switch) and back
> again (causing another context switch). This will be slower and use more
> CPU than doing it all inside the kernel, without any context switches.

Online reconfiguration. Userland natd requires a restart (and a loss of
all nat state information) when you want to change forwarded ports and
such, whereas the in-kernel NAT engines (in ipf and pf, at least)
support reconfiguration without flushing state. To a large extent, at least.

--
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net
<[EMAIL PROTECTED]>
Furry Peace! - http://wwww.fur.com/peace/
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions