Re: REDIRECT vs. DNAT...

On Fri, 22-04-2005 at 17:12 -0500, Taylor, Grant wrote:
> Are there any merits to using REDIRECT over (or under) DNAT when redirecting traffic back to the box that is doing the redirecting?  Reference Alejandro Villarroel's post (and thread) at https://lists.netfilter.org/pipermail/netfilter/2005-April/059942.html.
> 
> I responded with an email stating to REDIRECT the traffic only moments after Jason Opperisano responded stating to DNAT the traffic.  I'm just curious if anyone knows of any performance benefits / penalties for using REDIRECT vs. DNAT.

I don't really know for sure, but I suppose that if DNAT to the same
machine was better than REDIRECT then REDIRECT would be deprecated. And
as it is the preferred method for squid proxies and the like, I suppose
REDIRECT is the way to go.

I've always used REDIRECT and it has a very, very low performance
penalty, so I've never tried DNAT to the same machine.

But I would like to hear from Jason Opperisano about this. He knows far
more than I about Netfilter.

> Grant. . . .

Regards.

-- 

Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"




