In message <[EMAIL PROTECTED]>, dive writes:
> I don't know if it's my particular setup that makes ipnat faster, or just
> the fact that with ipnat the NAT is done in the kernel not in a daemon - I
> haven't tested ipnat vs. natd on any other setup yet since I just started
> using ipnat.

It's been my experience that ipnat is easier to set up than natd when 
redirecting ingress packets to specific ports.  Performance-wise, I 
would think that ipnat would be faster, as packets don't have to get 
shuffled through a userland process, they just stay in the kernel.  
Natd on the other hand is more flexible because filtering can be done 
before NAT.

IMO IPFW/natd and IPF/IPNAT are two different tools with ever so 
slightly different applications.  That's the beauty of FreeBSD:  You 
have a choice of which tools in the FreeBSD toolbox you want to use to 
solve any particular problem.

The fact that IP Filter lives in the contrib directory, just like all 
of the GPLed applications do, allows FreeBSD Inc. to keep truly base 
system code separate from contributed base code that does not integrate 
that well for various reasons (one reason being licensing).

My vote is to keep IP Filter in the base system and failing that keep 
it as a port.  As IP Filter does touch some code in /usr/sys, 
installing IP Filter separately can potentially break buildworld.  
Moving IP Filter to ports would increase the likelihood of consistent 
breakage when IP Filter is installed.  As it stands now, with IP Filter 
in contrib and integrated into the system buildworld works and can be 
made to work by replacing contrib/ipfilter with the latest IP Filter 
and building world.  This is very handy when maintaining multiple 
machines at separate customer sites where NFS and FTP of /usr/obj are 
not an option.


Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  [EMAIL PROTECTED]
Open Systems Group, ITSD, ISTA
Province of BC


