Re: VirtIO/ipfw/natd throughput problem in hosted VM

From: Ian Smith <smithi_at_nimnet.asn.au>
Date: Tue, 30 Jan 2024 03:27:31 UTC
On 30 January 2024 5:38:58 am AEDT, Jim Long <freebsd-questions@umpquanet.com> wrote:
 > On Mon, Jan 29, 2024 at 12:54:49PM -0500, Paul Procacci wrote:
 > >
 > > The most glaringly obvious thing to me is to use in-kernel nat instead of
 > > natd.
 > > Packets won't have to leave the kernel at that point.
 > > It's detailed in ipfw(8).
 > > 
 > > ~Paul
 > 
 > Thank you very much!  Your tip plus some cribbing from:
 > 
 > https://www.neelc.org/posts/freebsd-ipfw-nat/
 > 
 > seems to have taken care of it.
 > 
 > Regards,
 > 
 > Jim

That's great,

but for future reference be sure to

a) only divert 'ip4', not 'ip' packets to natd(8) - i.e. no ipv6 packets.

b) see section BUGS at the end of ipfw(8): you must disable TSO with ifconfig(8) to use ipfw nat, which the above article doesn't mention.

cheers, Ian
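
The two points in the message above can be checked mechanically. This is an added example, not part of the thread: it scans saved `ifconfig` and `ipfw list` text for TSO still enabled and for divert/nat rules not limited to ip4. The interface name vtnet0, the rule numbers, and all sample text are constructed assumptions.

```shell
#!/bin/sh
# Added example; all sample text below is constructed, vtnet0 is an assumed name.

# tso_enabled IFCONFIG_TEXT: succeeds if the options=<...> line lists TSO4 or TSO6.
tso_enabled() {
    printf '%s\n' "$1" | grep -Eq 'options=[0-9a-f]+<([^>]*,)?TSO[46][,>]'
}

# broad_nat_rules RULES_TEXT: prints the number of each divert/nat rule whose
# protocol is "ip" or "all" and which carries no ip4/ipv4 restriction.
broad_nat_rules() {
    printf '%s\n' "$1" | awk '{
        act = 0; f = 0; v4 = 0
        for (i = 1; i <= NF; i++) {
            if (!act && ($i == "divert" || $i == "nat")) act = i
            if (!f && $i == "from") f = i
            if ($i == "ip4" || $i == "ipv4") v4 = 1
        }
        if (act && f > act && !v4 && ($(f-1) == "ip" || $(f-1) == "all")) print $1
    }'
}

# Constructed sample: interface with TSO still on.
IFCONFIG_SAMPLE='vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=4c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE>'

# Constructed sample ruleset: rules 100 and 400 match every IP version.
RULES_SAMPLE='00100 divert 8668 ip from any to any via vtnet0
00200 nat 1 ip4 from any to any via vtnet0
00300 allow ip from any to any
00400 nat 1 ip from any to any via vtnet0'

if tso_enabled "$IFCONFIG_SAMPLE"; then
    echo "TSO is on: run 'ifconfig vtnet0 -tso' before relying on ipfw nat"
fi
for n in $(broad_nat_rules "$RULES_SAMPLE"); do
    echo "rule $n sends all IP versions to NAT: restrict it to ip4"
done
```

On a live host, pass `"$(ifconfig vtnet0)"` and `"$(ipfw list)"` in place of the samples.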