Hi ni...@y! On Fri, 4 Jun 2010 03:19:41 -0700 (PDT); ni...@y wrote about 'pf nat & ipfw kernel nat & ng_nat - what uses less computer resources?':
> We have a network. Now we are using pf NAT. But we are interested in some > question: > 1. What type of NAT uses less computer resources? > a) pf NAT > b) ipfw kernel NAT > c) NG_NAT ? AFAIK, ipfw nat uses slightly less resources than ng_nat (not significant), and pf uses more reosurces than two others. > 2. BINAT or NAT - what is better? Which one of them is more faster and uses > less computer resources with one of firewall? In theory I think that BINAT > faster than NAT, because there is no necessary to track connections. Not in implementation, it always does. > 3. I know that the firewall PF does not support threads. I read that IPFW is > (in FreeBSD 8.0, for example). But in my test I haven`t seen threads when > used IPFW. Maybe there are some special options to compile kernel or > configure IPFW? For tests I compiled kernel with: There are no special threads for ipfw, it runs in the context of other threads (driver, netisr or swi1, depending on settings and compile options). > 4. I can`t find any information about BINAT in ipfw+ng_nat? Does anyone use > this technology? Or maybe you know interesting information about it? It is no "so binat" as in pf, but it can be emulated. Read these: man natd man libalias man ng_nat and use redirect_address (all three use the same underlying libalias, so even for different implementations techniques are valid). -- WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nucli...@mail.ru [Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight] _______________________________________________ freebsd-performance@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-performance To unsubscribe, send any mail to "freebsd-performance-unsubscr...@freebsd.org"
