Re: hidden interface (ARP) 2.4.20

Stephan von Krawczynski (skraw@ithnet.com)
Fri, 6 Dec 2002 18:52:23 +0100


On Fri, 6 Dec 2002 07:01:35 +0100
Willy Tarreau <willy@w.ods.org> wrote:

> On Fri, Dec 06, 2002 at 12:59:38AM +0100, Roberto Nibali wrote:
> <snip>
> > Oops, right. I forgot the HW LBs that do triangulation. I wonder
> > however, why one wants to use a HW LB and not configure it to work in
> > NAT mode.
>
> Because when you have to deal with thousands of sessions per second, NAT is
> really a pain in the ass. When you have to consider security, NAT is a pain
> too because it makes end to end tracking much more difficult when you deal
> with multiple proxy levels.

Oh, a poor soul who experienced my everyday life ... ;-)
netfilter-NAT may be a real nice choice for your-cool-server-at-home. Talking
about many thousand NATted sessions you may as well flush it through the
toilet. Sorry for the open words.
In complete contrary I have _never_ experienced problems with the hidden patch
(after correct setup of the boxes). And for another reason: it is plain simple.

-- 
Regards,
Stephan