significantly slow IPFW + NATD + amd64
Ian FREISLICH
ianf at clue.co.za
Mon Sep 6 08:49:36 UTC 2010
Peter Reo Molnar wrote:
> Hello,
>
> I tried setup NAT with IPFW, compiled my kernel and I found that there
> is very slow connection.
> After I disabled NAT and IPFW then speed was increased.
>
> 64-bit FreeBSD 9-CURRENT :
> With IPFW: 1.2 MB/sec
> Without IPFW: 33 MB/sec
>
>
> my ipfw work with i386 (stable) without speed decreasing:
>
> fw.test.conf:
> -f flush
> add 00050 divert 8668 ip4 from any to any via re0
> add 00100 allow ip from any to any via lo0
> add 00200 deny ip from any to 127.0.0.0/8
> add 00300 deny ip from 127.0.0.0/8 to any
This looks like you're using the old style NAT - divert to userland.
That has always performed poorly. Perhaps not as poorly as this
though. How much CPU is natd consuming?
Have you considered using in-kernel NAT? See the 'NETWORK ADDRESS
TRANSLATION' section in the ipfw manual. It's worth a try.
Ian
--
Ian Freislich
More information about the freebsd-current
mailing list