On Fri, 2012-01-06 at 06:15 +0100, Anton Melser wrote:

> If the only way to do the NAT is with 1600 rules then I'll stop
> looking elsewhere, thanks!

I think it probably is the only option from what you've said, especially given the variety of different networks you have. I can't comment on the performance though, which was one of your original questions.

> There is also the matter of routing though. I agree that this question
> is more an iproute2 issue, and could/should be better asked on the
> iproute2 list.

Well, there isn't really an iproute2 list as such... There's netdev and LARTC, both also hosted at VGER, but by all means try your question here if you'd like.

> In my mind marking the packets for ToS or fwmark was
> actually for use at the routing level.

Sounds like the way to go. Gives you plenty of flexibility.

> ps. I'll do a blog post when I get a coherent config set up and post
> back here for reference and your comments. It will need failover using
> connection tracking so could end up being a nice little article.

That would be excellent. The more "real life" examples there are, the better.

Andy

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html