pf nat & ipfw kernel nat & ng_nat - what uses less computer resources?
Vadim Goncharov
vadim_nuclight at mail.ru
Mon Jul 19 09:19:25 UTC 2010
Hi Nikol at y!
On Fri, 4 Jun 2010 03:19:41 -0700 (PDT); Nikol at y wrote about 'pf nat & ipfw kernel nat & ng_nat - what uses less computer resources?':
> We have a network. Now we are using pf NAT. But we are interested in some
> question:
> 1. What type of NAT uses less computer resources?
> a) pf NAT
> b) ipfw kernel NAT
> c) NG_NAT ?
AFAIK, ipfw nat uses slightly less resources than ng_nat (not significant),
and pf uses more resources than the other two.
> 2. BINAT or NAT - what is better? Which one of them is faster and uses
> less computer resources with one of the firewalls? In theory I think that BINAT
> is faster than NAT, because there is no need to track connections.
Not in implementation, it always does.
> 3. I know that the firewall PF does not support threads. I read that IPFW is
> (in FreeBSD 8.0, for example). But in my test I haven't seen threads when
> used IPFW. Maybe there are some special options to compile kernel or
> configure IPFW? For tests I compiled kernel with:
There are no special threads for ipfw, it runs in the context of other threads
(driver, netisr or swi1, depending on settings and compile options).
> 4. I can't find any information about BINAT in ipfw+ng_nat? Does anyone use
> this technology? Or maybe you know interesting information about it?
It is no "so binat" as in pf, but it can be emulated. Read these:
man natd
man libalias
man ng_nat
and use redirect_address (all three use the same underlying libalias, so the
techniques are valid even for different implementations).
--
WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight at mail.ru
[Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]