[tproxy] Re: Difference between DNAT and TPROXY

Balazs Scheidler bazsi@balabit.hu
Fri, 4 Jul 2003 14:04:23 +0200

On Thu, Jul 03, 2003 at 06:00:03PM +0000, jan@tegtmeier.de wrote:
> Balazs Scheidler wrote:
> >NAT _is_ needed as redirection is implemented using NAT. TCP sessions are
> >conntracked and this have to be so. 
> Yes, of course. I only worried about the overhead of the 
> double-conntracking and did not think to the end, that it is really needed 
> twice ;-(. 

apart from the kernel memory load, it should not cause real problems if you
double the conntrack hash size (ip_conntrack module parameter)

PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1