significantly slow IPFW + NATD + amd64
Randy Bush
randy at psg.com
Mon Sep 6 11:08:16 UTC 2010
Ian FREISLICH wrote:
>
> Peter Reo Molnar wrote:
> > Hello,
> >
> > I tried setup NAT with IPFW, compiled my kernel and I found that there
> > is very slow connection.
> > After I disabled NAT and IPFW then speed was increased.
> >
> > 64-bit FreeBSD 9-CURRENT :
> > With IPFW: 1.2 MB/sec
> > Without IPFW: 33 MB/sec
> >
> >
> > my ipfw work with i386 (stable) without speed decreasing:
> >
> > fw.test.conf:
> > -f flush
> > add 00050 divert 8668 ip4 from any to any via re0
> > add 00100 allow ip from any to any via lo0
> > add 00200 deny ip from any to 127.0.0.0/8
> > add 00300 deny ip from 127.0.0.0/8 to any
>
> This looks like you're using the old style NAT - divert to userland.
> That has always performed poorly. Perhaps not as poorly as this
> though. How much CPU is natd consuming?
>
> Have you considered using in-kernel NAT? See the 'NETWORK ADDRESS
> TRANSLATION' section in the ipfw manual. It's worth a try.
i never managed to figure out how to convert my pppoe nat config to ipfw
natting.
foo:
set device PPPoE:vr0
set MTU 1454
accept CHAP
enable lqr
add default HISADDR
nat enable yes
nat port tcp 192.168.0.33:51332 51332
nat port udp 192.168.0.33:51332 51332
set authname blogovitch
set authkey vitchoblog
loop:
set log phase chat connect lcp ipcp command
set device localhost:pptp
set dial
set login
set ifaddr 192.168.0.200 192.168.0.201 255.255.255.255
clue bat solicited
randy
More information about the freebsd-current
mailing list