From owner-freebsd-questions  Mon Dec  3  6:18:14 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from hotmail.com (f86.law3.hotmail.com [209.185.241.86])
	by hub.freebsd.org (Postfix) with ESMTP id 1827A37B405
	for <freebsd-questions@FreeBSD.ORG>; Mon,  3 Dec 2001 06:18:12 -0800 (PST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Mon, 3 Dec 2001 06:18:11 -0800
Received: from 139.108.175.26 by lw3fd.law3.hotmail.msn.com with HTTP;
	Mon, 03 Dec 2001 14:18:11 GMT
X-Originating-IP: [139.108.175.26]
From: "Thor Legvold" <tlegvold@hotmail.com>
To: axel@axel.truedestiny.net
Cc: friar_josh@webwarrior.net, freebsd-questions@FreeBSD.ORG
Subject: Re: Firewall rules (ipfw)
Date: Mon, 03 Dec 2001 14:18:11 
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F86oqciWBXxbT9RVoP80001cf60@hotmail.com>
X-OriginalArrivalTime: 03 Dec 2001 14:18:11.0769 (UTC) FILETIME=[56E62A90:01C17C05]
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Axel wrote:
>What about ipfilter/ipnat combo for this setup ? ipfilter has way >better
>performance than ipfw (or you should mess up the config) since it >doesn't 
>have
>to copy packets from kernel to userland. At home (cable) I use it on a 
> >486-33/
>16MB. I had natd running for a while but that caused a 100% cpu load >when
>there was much traffic, now with ipnat it never gets higher then 20% ;->)

I can look into it. I'd kind of like to get ipfw/nat working right since 
I've invested so much time in it - learning a copletely different ruleset 
syntax is not something I look forward to right now. I'd like to just get 
everything up and semi-ok, and then spend time tweaking here and there as I 
have time.  IPF and ipnat would also require a kernel rebuild, which isn't 
difficult or impossible, just more work when I already have little spare 
time.

Thanks for the suggestion.

>Gr,
>--
>Axel Scheepers

Regards,
Thor


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message