Re: IPFW with user-ppp's NAT

Erik Trulsson wrote: On Sun, Mar 16, 2008 at 04:37:18PM +0100, Wojciech Puchar wrote: Frankly I'm a bit surprised that this hasn't been more widely heralded, as userland natd is often given as a reason to prefer other firewalls, what's wrong in userland natd? Performance. With userland natd,

Re: IPFW with user-ppp's NAT

On Sun, 16 Mar 2008 18:20:12 +0100 (CET) Wojciech Puchar <[EMAIL PROTECTED]> wrote: > >> > >> what's wrong in userland natd? > > > > Performance. With userland natd, every packet that passes through natd > > must pass from kernel to userland (causing one context switch) and back > > again (

Re: IPFW with user-ppp's NAT

what's wrong in userland natd? Performance. With userland natd, every packet that passes through natd must pass from kernel to userland (causing one context switch) and back again (causing another context switch). This will be slower and use more CPU than doing it all inside the kernel, witho

Re: IPFW with user-ppp's NAT

On Sun, Mar 16, 2008 at 04:37:18PM +0100, Wojciech Puchar wrote: >> Frankly I'm a bit surprised that this hasn't been more widely heralded, >> as userland natd is often given as a reason to prefer other firewalls, > > what's wrong in userland natd? Performance. With userland natd, every packet t

Re: IPFW with user-ppp's NAT

Frankly I'm a bit surprised that this hasn't been more widely heralded, as userland natd is often given as a reason to prefer other firewalls, what's wrong in userland natd? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailma

Re: IPFW with user-ppp's NAT

On Sat, 15 Mar 2008 21:16:12 -0500 Dan Nelson <[EMAIL PROTECTED]> wrote: > In the last episode (Mar 16), Razmig K said: > > With IPFW enabled in the kernel, I'd like to use the NAT functionality of > > user-ppp instead of natd. Do I need the IPDIVERT option in the kernel and > > the special a

Re: IPFW with user-ppp's NAT

In the last episode (Mar 16), Razmig K said: > With IPFW enabled in the kernel, I'd like to use the NAT functionality of > user-ppp instead of natd. Do I need the IPDIVERT option in the kernel and > the special arrangement of divert and skipto rules in the ruleset? Or, a > non-NATed ruleset (as

IPFW with user-ppp's NAT

Hello, With IPFW enabled in the kernel, I'd like to use the NAT functionality of user-ppp instead of natd. Do I need the IPDIVERT option in the kernel and the special arrangement of divert and skipto rules in the ruleset? Or, a non-NATed ruleset (as demonstrated in handbook section 28.6.5.6)