Brett Glass wrote:
At 09:50 PM 10/21/2006, Julian Elischer wrote:
one thing that you need to make sure of is that only the packets that
have potential of being of interest to natd are passed to natd.
I do. In fact, this is a capability I would lose if I used ipfilters or
pf to do NAT, which
At 09:50 PM 10/21/2006, Julian Elischer wrote:
one thing that you need to make sure of is that only the packets
that have potential of being of interest to natd are passed to natd.
I do. In fact, this is a capability I would lose if I used
ipfilters or pf to do NAT, which is why I want to fin
On Sat, Oct 21, 2006 at 11:59:45PM +0200, Peter Ankerstål wrote:
> I've looked all over the web for some tutorials on how to create
> sub-interfaces in FreeBSD..
> Something like fxp0.1
>
> Should I use ng_ ?
If you mean vlan interfaces, "ifconfig fxp0.1 create" should actually
work if the vlan m
Brett Glass wrote:
I'm working with a FreeBSD-based router that's using IPFW for policy
routing, traffic shaping, and transparent proxying and natd for network
address translation. IPFW does these things pretty well (in fact, I
don't know if another firewall, like pf, could even do some of thes
Max Laier wrote:
> On Saturday 21 October 2006 03:28, Julian Elischer wrote:
>> The more I look at this the more I think that it is broken.
>>
>> Instead of the bridge registering a separate filter queue for itself,
>> it is using the queues set up by the IP stack.
>>
>> It should register its own
Saturday, October 21, 2006, 6:42:15 PM, Eugene Grosbein wrote:
>> 1. libalias allocates memory to create each new entry in the NAT table.
>> libalias uses linear search in a linked list to find an entry in the table.
>> It is very slow when you have thousands of simultaneous connections via
>> nat
EG> In RE
On Sat, Oct 21, 2006 at 03:54:06PM -0600 I heard the voice of
Brett Glass, and lo! it spake thus:
>
> Also, more than once I've locked myself out of a machine when trying
> to restart NAT with a different configuration;
The trick I've adopted for this is to have allow rules for port 22
both direc
At 03:54 AM 10/21/2006, Vladimir Grebenschikov wrote:
> 1. use PF for nat - it does aliasing in kernel space
True, but it doesn't let me translate the packets and
then continue processing within the firewall -- which
is necessary if you want to catch unregistered destination
addresses BEFORE tra
I've looked all over the web for some tutorials on how to create
sub-interfaces in FreeBSD..
Something like fxp0.1
Should I use ng_ ?
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any
At 03:58 AM 10/21/2006, Matthew D. Fuller wrote:
>Paolo Pisati's 2005 SoC work on integrating libalias into ipfw might
>fit here. It should move the NAT'ing into the kernel and save all the
>context switches and copies, and (what has me more interested) make it
>much easier to change port forwar
> Are you using amd64 or i386 kernel ? the config implies you are using
> i386
On firewall, i386
>
> I found
> kern.polling.idle_poll=1
> to improve performance in polling.
Oh, that does it! Excellent! Performance jumped to 930mbit in single
thread instantly.
> Also, try updating the box to 6.2
On Saturday 21 October 2006 11:39, Kris Kennaway wrote:
= We've been discussing em issues for several weeks now, so it would be
= great if you could get yourself up to speed - please review the
= discussion on freebsd-stable and freebsd-net (start with posts by
= Scott Long, myself, and Jack Vogel)
= I'd appreciate if people who are observing the problem will report
= whether adding DEVICE_POLLING option to kernel config helps them
= or not. This will help to tell whether the problem is in the above
= quote or in the import of new versions from vendor.
I tried this yesterday -- before writin
On Sat, 21 Oct 2006, Milan Obuch wrote:
On Saturday 21 October 2006 17:28, Robert Watson wrote:
On Sat, 21 Oct 2006, Milan Obuch wrote:
I know this is really minimum information here, but I need just an idea
what to look for. It is strange for me - is it some memory leak? How
could it be clea
On Saturday 21 October 2006 17:28, Robert Watson wrote:
> On Sat, 21 Oct 2006, Milan Obuch wrote:
> > I know this is really minimum information here, but I need just an idea
> > what to look for. It is strange for me - is it some memory leak? How
> > could it be cleared with simple ifconfig up? Did
On Sat, Oct 21, 2006 at 01:00:08PM -0400, Mikhail Teterin wrote:
M> = I'd appreciate if people who are observing the problem will report
M> = whether adding DEVICE_POLLING option to kernel config helps them
M> = or not. This will help to tell whether the problem is in the above
M> = quote or in the
On Sat, Oct 21, 2006 at 10:06:16AM -0400, Mikhail Teterin wrote:
> Hello!
>
> The system is a dual Opteron 244 running today's FreeBSD-6.2/amd64.
>
> em-interface connects it to the switch (in gigabit mode).
>
> When I direct 2 database dumps at the machine in parallel (the arriving data
> is g
On Sat, 21 Oct 2006, Milan Obuch wrote:
I know this is really minimum information here, but I need just an idea what
to look for. It is strange for me - is it some memory leak? How could it be
cleared with simple ifconfig up? Has anyone seen something similar?
It is pretty minimal informatio
Chris Bowman wrote:
Correction! I apologize, only noticed after I sent, obviously. Anywhere
I typed /usr/sbin please replace with /sbin only in this case..Sorry ;)
Namely where I said /usr/sbin/natd should be /sbin/natd ...
Fantastic, this seems to have not hurt any ;)
Thanks for the info. N
On Sat, Oct 21, 2006 at 02:50:31PM +0400, Anton Yuzhaninov wrote:
> 1. libalias allocates memory to create each new entry in the NAT table.
> libalias uses linear search in a linked list to find an entry in the table.
> It is very slow when you have thousands of simultaneous connections via
> nat
In RELENG_
Correction! I apologize, only noticed after I sent, obviously. Anywhere
I typed /usr/sbin please replace with /sbin only in this case..Sorry ;)
Namely where I said /usr/sbin/natd should be /sbin/natd ...
On Sat, 2006-10-21 at 09:23 -0500, Chris Bowman wrote:
> First, sorry for the double post,
Hi,
I am seeing something strange on couple of our routers. All are WRAP based on
6.1-RELEASE-p6, easiest description is:
# ping
PING : 56 data bytes
ping: sendto: No buffer space available
ping: sendto: No buffer space available
^C
--- ping statistics ---
2 packets transmitted, 0 packets recei
First, sorry for the double post, received a message saying the first
one was rejected by a spam filter, however I now see it's on the
list! ;)
Of course you may ask for more help! First, take advantage of what's
out there, people have written some absolutely great documentation,
including the Fr
Chris Bowman <[EMAIL PROTECTED]> wrote:
> I see this question come up now and then on the lists, so, I'll share
> what I've learned about natd and performance! First, if you're running
> natd on a processor which supports more functions than just a standard
> 386, i.e. a Pentium, Athlon, etc.
Hello!
The system is a dual Opteron 244 running today's FreeBSD-6.2/amd64.
em-interface connects it to the switch (in gigabit mode).
When I direct 2 database dumps at the machine in parallel (the arriving data
is getting compressed and written to local disk), the "system" component of
the load
Chris Bowman wrote:
I see this question come up now and then on the lists, so, I'll share
what I've learned about natd and performance! First, if you're running
natd on a processor which supports more functions than just a standard
386, i.e. a Pentium, Athlon, etc. Then I've found compiling nat
I see this question come up now and then on the lists, so, I'll share what
I've learned about natd and performance! First, if you're running natd on a
processor which supports more functions than just a standard 386, i.e. a
Pentium, Athlon, etc. Then I've found compiling natd with make flags for
th
I see this question come up now and then on the lists, so, I'll share
what I've learned about natd and performance! First, if you're running
natd on a processor which supports more functions than just a standard
386, i.e. a Pentium, Athlon, etc. Then I've found compiling natd with
make flags fo
Saturday, October 21, 2006, 1:58:08 PM, Matthew D. Fuller wrote:
MDF> On Sat, Oct 21, 2006 at 12:47:54AM -0600 I heard the voice of
MDF> Brett Glass, and lo! it spake thus:
>>
>> How can I replace just the functionality of natd without moving to
>> an entirely new firewall? Can I still select whic
On Sat, Oct 21, 2006 at 12:47:54AM -0600 I heard the voice of
Brett Glass, and lo! it spake thus:
>
> How can I replace just the functionality of natd without moving to
> an entirely new firewall? Can I still select which packets are
> routed to the NAT engine, and when this occurs during the proce
On Sat, 21/10/2006 at 00:47 -0600, Brett Glass wrote:
> I'm working with a FreeBSD-based router that's using IPFW for
> policy routing, traffic shaping, and transparent proxying and natd
> for network address translation. IPFW does these things pretty well
> (in fact, I don't know if another firewa
In that situation I have used IPFW for filtering and IPF for doing NAT.
But NAT is in its nature a very processor and memory intensive process,
I wouldn't recommend to anyone to run NAT if they have more than
10Mb bandwidth and more than 100 nodes on their network.
Baldur
On Sat, Oct 21, 2006 at
32 matches