Re: Difference between DNAT and TPROXY
Balazs Scheidler wrote:
NAT _is_ needed as redirection is implemented using NAT. TCP sessions are conntracked and this have to be so.
Yes, of course. I only worried about the overhead of the double-conntracking and did not think to the end, that it is really needed twice ;-(. Thanks, Jan Tegtmeier
On Thu, Jul 03, 2003 at 06:00:03PM +0000, jan@tegtmeier.de wrote:
Balazs Scheidler wrote:
NAT _is_ needed as redirection is implemented using NAT. TCP sessions are conntracked and this have to be so.
Yes, of course. I only worried about the overhead of the double-conntracking and did not think to the end, that it is really needed twice ;-(.
apart from the kernel memory load, it should not cause real problems if you double the conntrack hash size (ip_conntrack module parameter) -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
participants (2)
-
Balazs Scheidler
-
jan@tegtmeier.de