Re: Avoiding natd overhead
- From: Brett Glass <brett@xxxxxxxxxx>
- Date: Sat, 21 Oct 2006 15:54:06 -0600
At 03:58 AM 10/21/2006, Matthew D. Fuller wrote:

> Paolo Pisati's 2005 SoC work on integrating libalias into ipfw might
> fit here. It should move the NAT'ing into the kernel and save all the
> context switches and copies, and (what has me more interested) make it
> much easier to change port forwarding and other rules.

That would be excellent. NAT really belongs in the kernel, with a
userland control and monitoring utility similar to the ones that manage
kernel PPP in many UNIX-like OSes.

> The worst thing about natd for me isn't performance, it's that I have
> to blow away all the state to change anything.

Agreed. Also, more than once I've locked myself out of a machine when
trying to restart NAT with a different configuration; it would be
nice to be able to change just the parameters I needed to change.
I'd love to be able to look at the translations that are generated on
the fly in the same way that one can look at other dynamic rules.
This is especially true for some of the more arcane forms of NAT
(e.g. PPTP passthrough, in which PPTP session numbers are mapped
to avoid collisions) which can be hard to debug when something goes
wrong.
--Brett
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"