Port-forwarding with IPFW / natd

Chris Cowart ccowart at rescomp.berkeley.edu
Tue Oct 27 23:14:35 UTC 2009


remodeler wrote:
> Is there any reason to prefer port-forwarding with ipfw (forward ipaddr) vs.
> natd (-redirect_port), if I am using both subsystems in any case? I see natd
> uses libalias and an ipfw divert port, so my thought is that the ipfw approach
> would incur less overhead. Also, the ipfw approach permits a hostname for
> resolving where natd requires an IP address.

natd (or ipfw nat) has the ability to manipulate the IP address
and ports of a packet. The fwd capability in ipfw does not modify the
layer 3 headers, but instead short-circuits the next-hop logic. Take a
look at the fwd description in ipfw(8).

I would recommend using the ipfw built-in nat support (search for NAT in
ipfw(8)) instead of the old-style divert solution. As I understand it,
divert has overhead related to copying the packets to and from userland,
which is unnecessary when using the in-kernel implementation.

-- 
Chris Cowart
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
UC Berkeley
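
The three options discussed in this thread, side by side, as an added example that is not part of the original message. The interface `em0`, the inside host `192.168.1.10`, the rule numbers and the NAT instance number are constructed values; commands are printed rather than executed unless `RUN` is set to an empty string.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed values, all assumptions:
#   em0 = outside interface, 192.168.1.10 = inside web server,
#   rule numbers 100/200, NAT instance 1.
# Dry run by default: each command is printed. Run as root with RUN= to apply.
RUN=${RUN-echo}
EXT_IF=em0
INSIDE=192.168.1.10

# In-kernel NAT (ipfw nat). Needs the ipfw_nat module loaded. The destination
# address and port are rewritten inside the kernel, with no copy to userland.
kernel_nat() {
    $RUN ipfw nat 1 config if "$EXT_IF" redirect_port tcp "${INSIDE}:80" 80
    $RUN ipfw add 100 nat 1 ip from any to any via "$EXT_IF"
}

# Old style: natd daemon in userland, fed by an ipfw divert rule.
# Every packet matching the rule is copied to natd and back.
divert_nat() {
    $RUN natd -interface "$EXT_IF" -redirect_port tcp "${INSIDE}:80" 80
    $RUN ipfw add 100 divert natd ip from any to any via "$EXT_IF"
}

# fwd: only the next hop changes. The IP header is left as it arrived, so the
# inside host must itself accept packets still addressed to the firewall.
# For a non-local fwd address ipfw(8) ignores any port, so none is given.
fwd_only() {
    $RUN ipfw add 200 fwd "$INSIDE" tcp from any to me 80 in via "$EXT_IF"
}

# Usage: sh portfwd.sh kernel|divert|fwd   (no argument: define functions only)
case "${1:-}" in
    kernel) kernel_nat ;;
    divert) divert_nat ;;
    fwd)    fwd_only ;;
esac
```

Use only one of `kernel_nat` or `divert_nat` on a given interface; `ipfw show` afterwards confirms which rule is counting packets.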