On Thu, 21 Jul 2005, Jan Engelhardt wrote: > >local process -> routing -> OUTPUT chain -> routing -> POSTROUTING chain > > > >No problem with policy routing for the locally generated traffic. > > This sounds like a total overhead calculating the route twice. The first one is required to fill out output device for the packet. The second one is there to give chance to play with routing in OUTPUT. This is traffic, generated locally, on the firewall. You should run nothing on your firewall ;-) Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary
