Date: Tue, 27 Oct 2009 16:14:34 -0700 From: Chris Cowart <ccowart@rescomp.berkeley.edu> To: remodeler <remodeler@alentogroup.org> Cc: freebsd-net@freebsd.org Subject: Re: Port-forwarding with IPFW / natd Message-ID: <20091027231434.GC11723@hal.rescomp.berkeley.edu> In-Reply-To: <20091027224716.M1459@alentogroup.org> References: <20091027224716.M1459@alentogroup.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--96YOpH+ONegL0A3E Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable remodeler wrote: > Is there any reason to prefer port-forwarding with ipfw (forward ipaddr) = vs. > natd (-redirect_port), if I am using both subsystems in any case? I see n= atd > uses libalias and an ipfw divert port, so my thought is that the ipfw app= roach > would incur less overhead. Also, the ipfw approach permits a hostname for > resolving where natd requires an IP address. Using natd (or ipfw nat) has the ability to manipulate the IP address and ports of a packet. The fwd capability in ipfw does not modify the layer 3 headers, but instead short-circuits the next-hop logic. Take a look at the fwd description in ipfw(8). I would recommend using the ipfw built-in nat support (search for NAT in ipfw(8)) instead of the old-style divert solution. As I understand it, divert has overhead related to copying the packets to and from userland, which is unnecessary when using the in-kernel implementation. --=20 Chris Cowart Network Technical Lead Network & Infrastructure Services, RSSP-IT UC Berkeley --96YOpH+ONegL0A3E Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (FreeBSD) iQIcBAEBAwAGBQJK537aAAoJEC8b9sM8ejXti/YP/jbvz218pJ4+nHewFJKQL9qL wvVJySRz5Tw1jbFQ96JyNWtdCQphZ8JOKEwnsbVl9lxvNj7kWVLf++uX5BIdjLfE 6NxbKfcBzneANo7//4ddIGa4uG+K5tqO+CSiKfmOV8yt1bToU9va4r9Cnkl8tjKh I1Ddlwm1c2cu38DINN7c8nA6CCwV01Jh9uUrx/xsMHupwfhLGKd0CSUs5LKjSX2Q kyfYeuPTjXbKjeWmDk4SEp0DzfTWQ15BEAyGdMKGMe5Wla10ITaLBs4petgQZzlV WND4BhXCC1aEqE/R6qN+O3OM4bS3A6YKCOPojKwuKCT4xvKiBiOncyWLfA/k9NjJ zbcv7pBjqm/ucDgJxqxo7NAb5DFU1L14HdFMuF03/UCxsNp7+h7fpUMnZ9zfHuo2 JBdBAlMdoyADlAQPJDoiscz+q2e5XqsdPcQ/o6+ZghFZez1HYY2mYz1MMxOAY9BM krnSM69fh6/uR6pildJuNBZ7Jfm7xcZjpKuHOvK6JHiBl0oKbgycwzWs+h9eOTrd 4BWxLawCEHruxKh3dfikea9WdaaBokL2Nkc1GTdtyrCilgJHluRvUpoDfcYIkLuf lPfVSh3AjfLWzxaNoqeai12kGCX++5XLpxEn3GGsZo8qi8wgUuB1J2URCT0OTivW Knf3o+HhOKGKEW2ZHxK2 =jAGS -----END PGP SIGNATURE----- --96YOpH+ONegL0A3E--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20091027231434.GC11723>