Date:      Sun, 27 Jan 2002 16:50:48 +0100
From:      "Rogier R. Mulhuijzen" <drwilco@drwilco.net>
To:        "Matthew Emmerton" <matt@gsicomp.on.ca>
Cc:        "BSD NET-List" <freebsd-net@FreeBSD.ORG>
Subject:   Re: natd restart
Message-ID:  <5.1.0.14.0.20020127163105.01e35eb0@mail.drwilco.net>
In-Reply-To: <00b501c1a742$9a89d950$1200a8c0@gsicomp.on.ca>
References:  <Pine.BSF.4.21.0201270011300.6340-100000@cody.jharris.com> <003c01c1a701$da5209e0$1200a8c0@gsicomp.on.ca> <20020127101854.B267@idefix.local>

(order of quoted mail slightly altered)

>I'm looking at making natd into a kernel option ("options IPNAT") and using
>a combination of sysctls and a front-end program to manage how nat operates,
>much like "options IPFIREWALL" and ipfw works today.

I've been kicking around the idea of making it a netgraph node. And I know 
several other people have too.

>Not yet.  One of the things that I don't like about this patch is that old
>rules still stay around (re-reading the configuration will only modify
>existing rules and add new rules.)  I'm also taking a lot of flak on my side
>of the fence since NAT runs as a userland process, so every packet gets
>copied between the kernel and userland twice (once on the way in, once on
>the way out.)  Apparently Linux doesn't do this.

libalias is very nice; natd to me has a hacky feeling to it. Try setting 
up a firewall that NATs and uses dynamic rules.... I haven't been able to; 
I have had to rely on natd to do my state checking, resulting in ipfw rule 
lists that are not easily read by the layman. So maybe that's another 
reason to re-evaluate our current NAT solution.

Would it be hard to keep using libalias? I know we can't just link against 
userland libraries in kernel land, but would there be much difficulty in 
making use of the exact same code? Because the beauty of having libalias is 
of course the -nat switch on ppp for instance....

Then again, ppp already knows about Netgraph, so if it's done as a netgraph 
node, that might as well be converted =)

Does anything but ppp and natd use libalias?

>This (in my mind) should greatly enhance the throughput of FreeBSD's NAT and
>keep those Linux people from bashing us (or me, at least.)

Would be very nice indeed =)

BTW, I hereby volunteer as junior kernel hacker to help on this project. To 
me NAT has been one of the strong points of FreeBSD (very nice features, 
works very well with FTP/DCC/PPTP) and making it even better would be a 
pleasure.

>--
>Matt Emmerton

Just my $0.02,

         Doc
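The "natd plus dynamic rules" combination that Doc describes above is easier to reason about when the ruleset is generated and reviewed as text before it is loaded. The script below is an added illustration for this archive page; it is not code from the thread, from natd or from FreeBSD. The interface name (`fxp0`) is an assumed placeholder, `8668` is natd's default divert port, and the rule numbers are arbitrary. The point it makes is the ordering one: the `divert` rule sits before `check-state`, so the dynamic rules see packets after translation on the way in and before translation on the way out, which is the subtlety that makes such rulesets hard to read.

```shell
#!/bin/sh
# Added example, not from the thread: generate and (optionally) load a minimal
# ipfw ruleset that hands packets on the external interface to natd and then
# applies stateful rules. OIF is an assumed placeholder interface name.
OIF="${OIF:-fxp0}"              # assumed external interface
NATD_PORT="${NATD_PORT:-8668}"  # natd's default divert port

# Emit the ruleset as text so it can be inspected before it touches the kernel.
# Rule order matters: rule 100 diverts to natd first, so inbound packets are
# already translated back to private addresses when check-state runs, while
# outbound packets reach keep-state rules before natd rewrites their source.
build_rules() {
cat <<EOF
add 100 divert ${NATD_PORT} ip from any to any via ${OIF}
add 200 check-state
add 300 allow tcp from any to any out via ${OIF} setup keep-state
add 400 allow udp from any to any out via ${OIF} keep-state
add 65000 deny log ip from any to any
EOF
}

# Return the rule number of the first rule, so a caller can confirm the
# divert rule really is evaluated before the stateful ones.
first_rule_number() {
    build_rules | head -n 1 | awk '{ print $2 }'
}

# Load the ruleset only where ipfw exists (FreeBSD, as root); elsewhere this
# just reports and returns non-zero so the generator can be used on any host.
load_rules() {
    command -v ipfw >/dev/null 2>&1 || { echo "ipfw not available on this host" >&2; return 1; }
    tmp="$(mktemp)" || return 1
    build_rules > "$tmp"
    ipfw -q flush
    ipfw -q "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Run `build_rules` on any machine to review the generated rules; `load_rules` is only meaningful on a FreeBSD host with `ipfw` compiled in and natd listening on the divert port.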

