Quote from art <art@xxxxxxxxxx>:
Hello all,

I have a problem with using iptables: I work with the Infineon ADM5120 SOC. It has a MIPS32 4KC processor (200MHz) and an embedded ADM5120 switch (with 4 100Mbit interfaces). I got embedded Linux OS working on it.

I tested network bandwidth without iptables enabled in the kernel - result 80Mbit/s. When I enable Connection tracking (I need NAT) & iptables and test WITHOUT ANY RULES - bandwidth was near 35-40Mbit/s. Then I made several tests and found that most of the bandwidth reduction occurs when enabling Connection tracking. It's a very upsetting fact.

What can be done about this? Can I get a version where NAT does not depend on Connection tracking?

For performance see http://people.netfilter.org/kadlec/nftest.pdf

For NAT without conntrack use NOTRACK or disable connection tracking at all.

Regards
Andreas