IPFW In-Kernel NAT vs PF NAT Performance

Kristof Provost kp at FreeBSD.org
Wed Mar 18 06:17:22 UTC 2020



> On 18 Mar 2020, at 13:31, Neel Chauhan <neel at neelc.org> wrote:
> 
> Hi freebsd-net@ mailing list,
> 
> Right now, my firewall is an HP T730 thin client (with a Dell Broadcom 5720 PCIe NIC) running FreeBSD 12.1 and IPFW's In-Kernel NAT. My ISP is "Wave G" in the Seattle area, and I have the Gigabit plan.
> 
> Speedtests usually give me 700 Mbps down/900 Mbps up, and 250-400 Mbps down/800 Mbps up during the Coronavirus crisis. However, I'm having problems with an application (Tor relays) where I am not able to use a lot of bandwidth for Tor, Coronavirus-related telecommuting or not. My Tor server is separate from my firewall.
> 
> Which firewall gives better performance, IPFW's In-Kernel NAT or PF NAT? I am dealing with 1000s of concurrent connections but browsing-level-bandwidth at once with Tor.
> 
I’d expect both ipfw and pf to happily saturate gigabit links with NAT, even on quite modest hardware.
Are you sure the NAT code is the bottleneck?

Regards,
Kristof

