Hi, I'm working on a firewall (reveresed-proxy) that needs to provide the "foreign connection" feature , my firewall read the requests from clients, and passes on the requests to the server , so i'm using the foreign-connect so that the server sees the real client's IP It seems that i have some performance problems: - On kernel 2.6.15 , even without the TPROXY patches i get lousy performance , it seems that this is a well known bug with E1000 drivers , so i can't use this kernel - On kernel 2.6.10 + tproxy 2.0.1 , i got nice results without the tproxy patch, but when i added the tproxy - i got lousy performance - On kernel 2.6.14.7 + tproxy 2.0.3 , i got great results without the tproxy patch (4500 trans/sec) , but when i added the tproxy - it was 3 times slower (1500 trans/sec) with many "failed to create a socket" errors Now, since i would like to stick with the (almost) latest versions, i believe that 2.6.14.7 is enough for me, but i would appreciate to know : 1. are there any knows performance issues with the 2.6.14.7 kernel or with the tproxy-2.0.3 ? 2. my "kernel config" uses the following settings: CONFIG_NETFILTER=y CONFIG_IP_NF_CONNTRACK=y CONFIG_IP_NF_TPROXY=y CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_NAT=y CONFIG_IP_NF_NAT_NEEDED=y do i need all these settings to get the "foreign-connect" or can i skip some and gain better results ? thank you very much, zvi ferents