I sent an article similar to this a few days ago to c.u.b.freebsd.misc
but didn't get any responses, so I'll try here instead. Please bear
with the long mail... And thanks in advance for any new insights!
I have an IPFW2 firewall and would like to get a few random things
clarified/solved:
FIRS
natd is a userland daemon process which performs far more poorly than a kernel
process. It's fine for small office/home use, but definitely not at the traffic
level you are pushing.
You can consider using ipnat (kldload ipl.ko; man -a ipnat) for NAT rules, and
use ipfw for the rest of the packet filtering.
hop
I've played around a bit more with my 300 MHz firewall now. Actually,
even if I completely disable natd and use only a single pass-all
firewall rule, I can't get over about 30 MBps, at 2500 packets per
second, through the machine. (I used netstat -i -b to measure the
traffic.)
I tried the link0 opt
I need to forward incoming TCP connections made to my host 192.168.5.3
on port 3100 to the IP address 10.0.0.101, port 3000, which is connected
through another interface.
These rules work when the connection is made from a remote host:
ipfw -q nat 19001 config redirect_port tcp 10.0.0.101:3000 192.168.5