On Thu, Sep 26, 2002 at 09:19:58AM -0400, Patrick R. McManus wrote:
> yesterday someone (I'm sorry, I forget who) on this list was asking
> about the scaling properties of a linux box running NAT for a T3
> (plus) worth of data.

That would be me... :)

> I'll forward the announcement below of an iptables replacement that
> claims to do rule processing much better for high numbers of rules.. I
> haven't installed it yet.

Thanks for the info. If nothing else, I'll be looking into the iperf network performance tool they link to.

We were originally considering running a masquerading/netfilter box, but we're now leaning in the direction of configuring iptables on a bridge. Reason being we can use spanning tree to provide failover if the filtering box breaks down. This is possible, but requires patching a 2.4.19 kernel to hook iptable support into the bridging code. The nf-hipac stuff looks good, but probably doesn't hook into bridging (yet).

http://bridge.sourceforge.net/docs/bridge-firewall.html

--
Ron Peterson                   -o)
87 Taylor Street               /\\
Granby, MA 01033              _\_v
https://www.yellowbank.com/   ----