Date: Tue, 3 Apr 2001 23:21:06 -0700 From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: "Kevan Olhausen" <kevan@solidnet.com>, <questions@FreeBSD.ORG> Subject: RE: ipchains and natd Message-ID: <002b01c0bccf$6ea604c0$1401a8c0@tedm.placo.com> In-Reply-To: <NFBBLLFDMLANHLJIJNPAEEFDCAAA.kevan@solidnet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
What's the output of vmstat -m on your nat system? Ted Mittelstaedt tedm@toybox.placo.com Author of: The FreeBSD Corporate Networker's Guide Book website: http://www.freebsd-corp-net-guide.com >-----Original Message----- >From: owner-freebsd-questions@FreeBSD.ORG >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Kevan Olhausen >Sent: Tuesday, April 03, 2001 9:49 PM >To: questions@FreeBSD.ORG >Subject: ipchains and natd > > >I've been using ipchains on Linux for our buisness's firewall so I can >masquerade the connections. I recently had the opportunity to change the OS >to FreeBSD 4.2 so I set it up with natd and ipfw. The problem was that as >soon as there were a few simultanious connections the natd process would >start getting 15%-25% CPU time when I looked at top and the connections >would eventually start to get slower the more connections there were. The >hardware is a Pent II 166. ipchains didn't seem to have any kind of >performance hit (because it's using the kernel, I think) but natd is a >separate process and it appears to be more vulnerable. Any thoughts on if >this is normal and is there any ipchains-type implementation on FreeBSD? >Thanks! > >------- >Kevan Olhausen >kolhausen@windermere.com >Information Technologies > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002b01c0bccf$6ea604c0$1401a8c0>