[Bug 219316] Wildcard matching of ipfw flow tables
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed May 17 12:33:46 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219316
Andrey V. Elsukov <ae at FreeBSD.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ae at FreeBSD.org
--- Comment #6 from Andrey V. Elsukov <ae at FreeBSD.org> ---
(In reply to lutz from comment #0)
> Consequently a deterministically selected group of clients has to share the
> same NAT table using a single external IP. A typical approach is to use
> wildcards to match the right NAT instance:
>
> add 2100 nat 100 ipv4 from 100.64.0.0:255.192.0.63 to any xmit ext out
> add 2101 nat 101 ipv4 from 100.64.0.1:255.192.0.63 to any xmit ext out
> add 2102 nat 102 ipv4 from 100.64.0.2:255.192.0.63 to any xmit ext out
> ...
>
> This approach is inefficient, tables could help. But tables does not support
> wildcard masking of lookup data. With such an wildcard mask, especially the
> flow tables could greatly improve performance.
Can you provide an example how your patches solve this problem? Some
commands/rules that you use for configuration would be good.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list