On Tuesday 11 August 2009 09:22:17 Steve Brown wrote:
> > I always *NAT in PREROUTING and MASQUERADE in POSTROUTING if
> > needed.
>
> According to the manpage for iptables, SNAT is only valid in the
> POSTROUTING chain. Is this incorrect?

MASQUERADE is a form of SNAT (source NAT). SNAT is done in the
POSTROUTING chain.

> > Have never seen any such performance drop on multiple NIC.
>
> Neither have I, which is why this is bothering me.

I can't really comment on this. You might consider doing some
troubleshooting to test your hypothesis, such as tcpdump(1) of some
poor-performing connections. You haven't posted anything here which
lends credence to it.

On Monday 10 August 2009 16:43:14 you wrote:
> I'm running a custom 2.6.30.3 kernel.

Do the same symptoms manifest when you're running the distro kernel?
The custom kernel would be a possible suspect.
--
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header