I'd like to use iptables to map addressA/portB to addressC/portD. I need to support up to 8000 address/port pairs (can be coming from any address, so I don't think the NETMAP target will suffice). I was planning to use the NAT table and add a DNAT target for each address to change the destination address and a SNAT target to change the source (total of 16000 rules). It's my understanding that iptables uses a linear search and that hipac doesn't support NAT. Does anyone have any opinions on whether iptables will scale to support what I have described? Thanks, Tim
