Date: Sat, 25 Jun 2005 00:01:56 +0300
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Ean Kingston <ean@hedron.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: firewall on freebsd
Message-ID: <20050624210156.GC1055@gothmog.gr>
In-Reply-To: <200506241059.11035.ean@hedron.org>
References: <5fd642fc05062406331e283ffe@mail.gmail.com> <200506241059.11035.ean@hedron.org>

On 2005-06-24 10:59, Ean Kingston <ean@hedron.org> wrote:
> For anyone who wants to start the in-kernel vs user-land NAT argument,
> I've already been through it and there are valid arguments for both
> sides. So, I won't get into it again.

Agreed. Most of the people who use FreeBSD in SOHO installations (small
office, home office), and have far less than dozens of systems behind a
NAT-ting FreeBSD system will very rarely have a chance to notice *ANY*
difference between userlevel vs. in-kernel NAT.

This top snapshot:

    http://keramida.serverhive.com/pixelshow-top.txt

is from a relatively recent demo-party where ipfw/natd were used in a
gateway of more than 100 systems madly downloading files from each other
and from the wide Internet. Notice the 97% idle cpu percentage :-)

If FreeBSD can handle NAT, packet forwarding, and general connectivity
for more than 100 systems and still sit 97% of the time waiting for
something interesting to happen, then I'd be surprised if SOHO users
with less than 10-15 systems will notice anything :)