On Tue, 16 Sep 2003, Cedric Blancher wrote:

> See documentation at :
>
> http://www.suse.de/~mha/linux-ip-nat/diplom/nat.html
>
> With 2.2 kernels, one was able to achieve simple NAT with iproute, but
> it was far from flexible.

Yupp, not as flexible, but much faster than netfilter NAT. It doesn't
rely on any kind of connection tracking at all, which is part problem,
part good thing. Good thing is, you get much lower overhead (and hence
can shovel more packets through), bad thing is, it gets less flexible,
and it isn't secure per se (doesn't track, and hence no knowledge about
3-way handshakes, and no filtering). Of course, it may suit much better
on a router I assume, and if you want filtering like that, you may as
well run netfilter NAT anyways.

> I must admit that, even if this option is activated into my kernel, I
> don't use it at all.

----
Oskar Andreasson
http://www.frozentux.net
http://iptables-tutorial.frozentux.net
http://ipsysctl-tutorial.frozentux.net
mailto:blueflux@xxxxxxxxxxx