Good evening, Antti,

On Sat, 15 Nov 2003, Antti Korpela wrote:

> I have here some questions and I hope you have some time to answer
>
> 1. What difference and which is better between: iptables -t nat -j
> MASQUERADE or SNAT --to IP if I'm using it for internet gateway
> NAT-machine in big LAN-parties, over 300 IP:s.

	MASQUERADE is for situations where your outside IP address changes; most commonly used for modem connections. If your outside address is static, use SNAT.

http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-6.html

> 2. I have get this error often "too much work on eth0, dropping

	I _think_ this is a better question for the linux-net mailing list. I have a sense this is an internal problem with the network card driver and not with netfilter. You might see if a newer kernel is available, or even consider using the 2.6.x test kernels; they're probably able to scale better.

> packet..." what this mean? do I have to put this on kernel: echo "65000" >
> /proc/sys/net/ipv4/ip_conntrack_max ? is there any other solutions for
> this ?

	I don't think this is related.

> 3. Do you have some other tips for MASQ ? :)

	I tend to include this line in /etc/modules.conf to increase the connection table size (not sure if it's truly required anymore):

options ip_conntrack hashsize=16384

	Cheers,
	- Bill

---------------------------------------------------------------------------
"Scattered showers my ass!"
	-- Noah
(Courtesy of "Michael B. Trausch" <mtrausch@xxxxxxxxx>)
--------------------------------------------------------------------------
William Stearns (wstearns@xxxxxxxxx). Mason, Buildkernel, freedups, p0f,
rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org
Linux articles at: http://www.opensourcedigest.com
--------------------------------------------------------------------------
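
The SNAT-versus-MASQUERADE choice from the answer to question 1, as an added example that is not part of the original message or of the netfilter documentation. The function names `is_ipv4` and `nat_rule` are hypothetical, `eth0`, `ppp0` and `203.0.113.10` are constructed sample values, and the script prints the rule for review instead of running it.

```shell
#!/bin/sh
# Added example: choose the NAT target for a gateway's outside interface.
# Static outside address -> SNAT, changing address -> MASQUERADE.
# Names and sample values are assumptions; rules are printed, not applied.

# Succeed only if $1 is a dotted quad with every octet in 0..255.
# The body runs in a subshell so the IFS change stays local.
is_ipv4() (
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) exit 1 ;;
    esac
    IFS=.
    set -- $1            # split on dots; other characters were rejected above
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Print the POSTROUTING rule for outside interface $1.
# $2 is the static outside address; leave it out if the address changes.
nat_rule() {
    ext_if=$1 ext_ip=${2:-}
    # Refuse interface names that could smuggle extra shell words into the rule.
    case "$ext_if" in
        ""|*[!A-Za-z0-9_.:-]*)
            echo "nat_rule: bad interface name" >&2
            return 2 ;;
    esac
    if [ -z "$ext_ip" ]; then
        echo "iptables -t nat -A POSTROUTING -o $ext_if -j MASQUERADE"
    elif is_ipv4 "$ext_ip"; then
        echo "iptables -t nat -A POSTROUTING -o $ext_if -j SNAT --to-source $ext_ip"
    else
        echo "nat_rule: '$ext_ip' is not an IPv4 address" >&2
        return 1
    fi
}

# Constructed sample calls: a static uplink and a dial-up link.
nat_rule eth0 203.0.113.10
nat_rule ppp0
```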