Re: using natd to load balance port 80 to multiple servers

• Previous message: lukem.freebsd_at_cse.unsw.edu.au: "Underutilisation of CPU --- am I PCI bus bandwidth limited?"
• In reply to: Stephane Raimbault: "using natd to load balance port 80 to multiple servers"
• Next in thread: Bill Fumerola: "Re: using natd to load balance port 80 to multiple servers"
• Reply: Bill Fumerola: "Re: using natd to load balance port 80 to multiple servers"
• Reply: _at_babolo.ru: "Re: using natd to load balance port 80 to multiple servers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Sun, 24 Oct 2004 21:50:02 -0700
To: Stephane Raimbault <segr@hotmail.com>

Stephane Raimbault wrote:
> Hi All,
>
> I'm currently using a freebsd box running natd to forward port 80 to
> several (5) web servers on private IP's.
>
> I have discovered that natd doesn't handle many requests/second all that
> well (seem to choke at about 200 req/second (educated guess))
>

use the "ipfw fwd" option to directly send the packets to the appropriate machine.
Should be able to forwarrd at wire speed.

you will probably need ipfw fwd running on both sides of the forward..
one on the switch machine to forward packets to one machine and one on
that machine to "capture" those packets to a local socket.

> There are other packet filtering options on FreeBSD and I wonder if I
> can use them to do what I'm trying to do with natd.
>
> Would someone be able to point me to documentation or help me have
> either ipf/ipfw/pf forward port 80 traffic to private space IP's?
>
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

• Previous message: lukem.freebsd_at_cse.unsw.edu.au: "Underutilisation of CPU --- am I PCI bus bandwidth limited?"
• In reply to: Stephane Raimbault: "using natd to load balance port 80 to multiple servers"
• Next in thread: Bill Fumerola: "Re: using natd to load balance port 80 to multiple servers"
• Reply: Bill Fumerola: "Re: using natd to load balance port 80 to multiple servers"
• Reply: _at_babolo.ru: "Re: using natd to load balance port 80 to multiple servers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: ipfw/nated stateful rules example ... I found it OK for stateful rules, as long as you don't use natd! ... packets went out including the natd in the middle. ... > ipfw add allow udp from any ntp to any in recv $ext_if ... > ipfw add allow udp from any to any ntp out xmit $ext_if ... (freebsd-questions) Re: [fw-wiz] IPTables QUEUE target equivalency in other firewalls ... ipfw certainly does, called divert. ... and usable by others instead or in addition to natd. ... > Netfilter/IPTables supports a target of QUEUE which delivers packets to ... > allow/drop packets in realtime. ... (Firewall-Wizards) Re: nat and ipfw ... packets to be translated. ... the packets to natd is one thing, ... > dsl and the other for an internal subnet. ... > ipfw configured and running. ... (freebsd-questions) Re: IPFW questions ... natd is a daemon userland process which performs way poorly than a kernel ... use ipfw for rest of packet filtering. ... > bdg_forward packets. ... (freebsd-net) IPFW and NAT - blocking RFC 1918 ("unregistered") network that matches my own ... I am up and running with ipfw 2 and natd, but not all is quite well. ... I can't figure out how to block "spoofed" packets from the outside ... that use the same RFC 1918 network as the one I'm translating to. ... (freebsd-net)