From owner-freebsd-questions@FreeBSD.ORG Tue Mar 21 14:00:07 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8E16916A422 for ; Tue, 21 Mar 2006 14:00:07 +0000 (UTC) (envelope-from wilfre@mail.ru) Received: from mx6.mail.ru (mx6.mail.ru [194.67.23.26]) by mx1.FreeBSD.org (Postfix) with ESMTP id CFBDC43D64 for ; Tue, 21 Mar 2006 14:00:02 +0000 (GMT) (envelope-from wilfre@mail.ru) Received: from [213.59.98.218] (port=54595 helo=[192.168.111.6]) by mx6.mail.ru with asmtp id 1FLhOz-0004zF-00 for freebsd-questions@freebsd.org; Tue, 21 Mar 2006 17:00:01 +0300 Message-ID: <442006DF.2010405@mail.ru> Date: Tue, 21 Mar 2006 16:59:59 +0300 From: "Andrey V. Semyonov" User-Agent: Thunderbird 1.5 (X11/20060309) MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <20060320131020.GI20138@in.nextra.sk> <20060320174409.GA72825@xor.obsecurity.org> <20060321134152.GN20138@in.nextra.sk> In-Reply-To: <20060321134152.GN20138@in.nextra.sk> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: Low network performance after upgrade from FreeBSD 4.8 to 6.0 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Mar 2006 14:00:07 -0000 Bohuslav Plucinsky wrote: > > I've tried PF, suggested by Martin Hudec and it seems that PF does not > have this performance problem. I like IPFW, I use it since year 1999, > but probably is time to switch to PF. The impact you receive is caused by user-level 'natd'. Use 'ipnat(8)' instead as it is kernel-level, or as mentioned use 'pf(4)'. Of course use it without 'ipfw add divert' rule by saving the overall role of 'ipfw' in your firewalling. As an addition, you may use 'ipnat', 'ipfw' and 'pf' and seems even 'ipf' together the same time (with some precautions, try to find the information on it, I know it was there). Just using needed specific features of each of them where it is needed. Try it. Use it.