I've played around a bit more with my 300 MHz firewall now. Actually,
even if I completely disable natd, and use only a single pass-all
firewall rule, I can't get over about 30 MBps, at 2500 packets per
second, through the machine. (I used netstat -i -b to measure
traffic.)
I tried the link0 opt
natd is a daemon userland process which performs way more poorly than a kernel
process. It's fine for small office/home use, but definitely not at the traffic
level you are pushing.
You can consider using ipnat (kldload ipl.ko; man -a ipnat) for NAT rules, and
use ipfw for the rest of packet filtering.
hop
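The first poster measured throughput with netstat -i -b. As an added example (not code from either poster), here is a small POSIX shell helper that turns two snapshots of FreeBSD-style `netstat -ibn` output into packets/s and Mbit/s for one interface, so the "2500 packets per second" style figure can be read off directly instead of by hand. The column layout (Name Mtu Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll) and the interface name fxp0 are assumptions, and the two sample outputs are constructed, ten seconds apart, to match the thread's numbers.

```shell
#!/bin/sh
# Added example, not from the thread: derive per-interface rates from two
# samples of FreeBSD-style `netstat -ibn` output.
# Assumed column layout (older FreeBSD):
#   Name Mtu Network Address Ipkts Ierrs Ibytes Opkts Oerrs Obytes Coll
# Only the "<Link#n>" line of an interface carries the byte/packet counters.

# iface_counters NETSTAT_OUTPUT IFNAME -> prints "ipkts ibytes opkts obytes"
iface_counters() {
    printf '%s\n' "$1" | awk -v ifn="$2" '
        $1 == ifn && $3 ~ /^<Link#/ { print $5, $7, $8, $10; exit }'
}

# rate SAMPLE1 SAMPLE2 IFNAME SECONDS -> prints "in_pps in_mbps out_pps out_mbps"
rate() {
    # Replace positional params with: counters@t0, counters@t1, seconds
    set -- "$(iface_counters "$1" "$3")" "$(iface_counters "$2" "$3")" "$4"
    echo "$1 $2 $3" | awk '{
        secs     = $9
        in_pps   = ($5 - $1) / secs
        in_mbps  = ($6 - $2) * 8 / secs / 1000000
        out_pps  = ($7 - $3) / secs
        out_mbps = ($8 - $4) * 8 / secs / 1000000
        printf "%d %.2f %d %.2f\n", in_pps, in_mbps, out_pps, out_mbps
    }'
}

# live_rate IFNAME SECONDS: take two real samples on the FreeBSD box itself.
live_rate() {
    s1=$(netstat -ibn); sleep "$2"; s2=$(netstat -ibn)
    rate "$s1" "$s2" "$1" "$2"
}

# Constructed sample output, 10 seconds apart: +25000 packets and +37.5 MB
# in each direction, i.e. 2500 pps of 1500-byte frames, about 30 Mbit/s.
SAMPLE_T0='Name  Mtu Network       Address            Ipkts Ierrs     Ibytes   Opkts Oerrs     Obytes Coll
fxp0  1500 <Link#1>      00:a0:c9:11:22:33 1000000     0 1500000000  900000     0 1350000000    0
fxp0  1500 10.0.0/24     10.0.0.1          1000000     - 1500000000  900000     - 1350000000    -'
SAMPLE_T1='Name  Mtu Network       Address            Ipkts Ierrs     Ibytes   Opkts Oerrs     Obytes Coll
fxp0  1500 <Link#1>      00:a0:c9:11:22:33 1025000     0 1537500000  925000     0 1387500000    0
fxp0  1500 10.0.0/24     10.0.0.1          1025000     - 1537500000  925000     - 1387500000    -'

# Prints: 2500 30.00 2500 30.00  (in_pps in_mbps out_pps out_mbps)
rate "$SAMPLE_T0" "$SAMPLE_T1" fxp0 10
```

On a real box, `live_rate fxp0 10` takes the two samples itself. Note that the bytes column counts payload as seen by the interface, so 2500 full-size 1500-byte frames per second comes out as roughly 30 Mbit/s, not 30 MB/s; checking the packet rate alongside the byte rate is what separates a per-packet bottleneck (userland natd copying every packet) from a raw bandwidth limit.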