Date: Mon, 5 May 2003 18:27:56 +0200 From: Clement Laforet <sheep.killer@cultdeadsheep.org> To: freebsd-performance@freebsd.org Subject: Re: NAT performance tweaks Message-ID: <20030505182756.093fb1c3.sheep.killer@cultdeadsheep.org> In-Reply-To: <3EB67822.3070802@centtech.com> References: <3EB67822.3070802@centtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 05 May 2003 09:41:38 -0500 Eric Anderson <anderson@centtech.com> wrote: > Does anyone have any tweaks they apply to NAT firewalls that pass a > lot of connections through them? Here's the ony tweak I have in place > already, but I'm not sure they're needed yet (or if there are any > tweaks needed at all): which NAT solution do you use ? > sysctl kern.ipc.somaxconn=8192 NAT'ing (except for natd which uses IPDIVERT (but not more than 3)) doesn't use socket to translate packets. Generally, packets are tagged by firewall control software and translated within the IP stack (at leat in kernel land). clem
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030505182756.093fb1c3.sheep.killer>