Date: Thu, 30 Jan 2014 00:18:59 +0200 From: Vladislav Prodan <universite@ukr.net> To: Frank Leonhardt <frank2@fjl.co.uk> Cc: freebsd-questions@freebsd.org Subject: Re[2]: Necessary to implement static NAT 1:1 Message-ID: <1391033938.846207368.s17yjvjq@frv35.ukr.net> In-Reply-To: <52E9762F.10208@fjl.co.uk> References: <1390999493.115887823.pfbg2ep5@frv35.ukr.net> <52E91B3D.4000601@fjl.co.uk> <1391010653.726619904.szvwo6t9@frv35.ukr.net> <52E9762F.10208@fjl.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 29/01/2014 15:52, Vladislav Prodan wrote: > > > > > > > >> On 29/01/2014 12:45, Vladislav Prodan wrote: > >>> Necessary to implement static NAT 1:1 > >>> > >>> 10.1.2.3 -> 100.1.2.3 > >>> 10.1.2.4 -> 100.1.2.4 > >>> 10.1.2.5 -> 100.1.2.5 > >>> 10.1.2.6 -> 100.1.2.6 > >>> ... > >>> IP addresses such an over 20k > >>> prompt you implement? > >>> > >> I don't understand the question exactly (I expect I will not be the only > >> one). natd will allow 1:1 mappings like this very easily. Are you saying > >> you have a lot of these and you do not want to write the config file by > >> hand? > >> > >> > > I'm not sure that FreeBSD withstand an over 20k rules of the form: > > > > ipfw nat 3 config ip 100.1.2.3 > > ipfw nat 4 config ip 100.1.2.4 > > ipfw nat 5 config ip 100.1.2.5 > > ipfw nat 6 config ip 100.1.2.6 > > ... > > > > + Two rules to handle each nat N > > > > Probably need to somehow use nat tablearg, but I do not understand logic. > > > > > > I do not think there would be a problem with natd. It uses libalias and > this calls malloc() to add each redirect to a simple linked list. A > quick looks suggests it's only 50-ish bytes/entry (depending on > processor) so a table of 20K of them would be ~1Mb (+malloc overhead). > There was a time when 1Mb was a lot of core, but not any more. It may > slow down a bit, as it links through he list. > > There might be something in the newer libalias that does it more > efficiently, but if you give it a go I think it will probably work. > > Regards, Frank. > > Thank you for your feedback. I will try to assemble the stand and test scripts to simulate the behavior of users. -- Vladislav V. Prodan System & Network Administrator http://support.od.ua +380 67 4584408, +380 99 4060508 VVP88-RIPE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1391033938.846207368.s17yjvjq>