[tproxy] Re: Difference between DNAT and TPROXY
Balazs Scheidler
bazsi@balabit.hu
Fri, 4 Jul 2003 14:04:23 +0200
On Thu, Jul 03, 2003 at 06:00:03PM +0000, jan@tegtmeier.de wrote:
> Balazs Scheidler wrote:
>
> >NAT _is_ needed as redirection is implemented using NAT. TCP sessions are
> >conntracked and this has to be so.
>
> Yes, of course. I only worried about the overhead of the
> double-conntracking and did not think to the end, that it is really needed
> twice ;-(.
Apart from the kernel memory load, it should not cause real problems if you
double the conntrack hash size (ip_conntrack module parameter).
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1