iptables SNAT vs MASQUERADE performance differences?

Wes Hamilton

May 11, 2001, 2:31:40 PM
I've recently converted from RH6.2 w/ipchains to RH7.1
w/iptables and was quite excited about moving beyond
many-to-1 NAT.
However, I can't seem to figure out why this command
works great:

******
iptables -t nat -A POSTROUTING -o eth3 -j MASQUERADE
(where eth3 is x.x.x.196/26)
******

whereas the following is so much slower it causes
timeouts (incomplete http, crashes due to timeouts
with custom client/server system, etc.):

******
iptables -t nat -A POSTROUTING -o eth3 -j SNAT --to x.x.x.200-x.x.x.219
(where eth3 is x.x.x.196/26, and aliases eth3:0
through eth3:19 are x.x.x.200-219/26)
******

Perhaps I am not allowed to specify '-o eth3' when
aliases are involved? If not, what's the best
alternative approach (--dst x.x.x.x, etc.)?

Any help would be greatly appreciated!
Wes

Wes Hamilton
wcham...@yahoo.com



Wes Hamilton

May 11, 2001, 2:56:31 PM
I just realized this problem may be due to the way I
was adding aliases.
creating /etc/sysconfig/network-scripts/ifcfg-eth3:0
(through eth3:19)

perhaps this would work:
ip addr add x.x.x.x dev eth3

So assuming this fixes the performance problem, my
question becomes:
how do you do this with a
/etc/sysconfig/network-scripts entry?
(I want these additional addresses to automatically
come up before /etc/rc.d/init.d/iptables loads my
config)

--Wes

Wes Hamilton
wcham...@yahoo.com


Amy Zahn

May 14, 2001, 1:21:02 AM
Wes,

It's pretty easy to get these commands to come up when you want them to
during startup, and in a certain order. What you do is (because RH is an RC
setup) create a script with all the commands that you want to execute. Then
move that script into /etc/rc.d/init.d/...after that, you create a symlink
in /etc/rc.d/rc3.d and the format is like this S85ipalias

S=start
85=run lvl (in order, from lowest to highest on runlvl 3) this would run
after 84 etc
ipalias=any name you want, I'd call the script /etc/rc.d/init.d/ipalias and
link to that

All you need to do is make sure that the number you put there is higher than
networking and lower than your iptables script, and you should be all set!

Hope this helps,

Dave T.

Wes Hamilton <wcham...@yahoo.com> wrote in message
news:200105111856...@web9205.mail.yahoo.com...
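
A check for the ordering condition described in the reply above, as an added example that is not part of the original thread. It assumes the start links are named after the network and iptables init scripts and uses the reply's ipalias name; start_prio and check_order are hypothetical helper names. Links with equal numbers run in name order and are treated as a failure here.

```shell
#!/bin/sh
# Added example, not from the thread. start_prio and check_order are
# hypothetical helper names.
# Usage: check_order /etc/rc.d/rc3.d ipalias

# Print the two-digit start priority of service $2 in rc directory $1
# (S10network -> 10). Returns 1 if the service has no start link there.
start_prio() {
    for link in "$1"/S[0-9][0-9]"$2"; do
        # An unmatched glob stays literal, so skip anything that is not
        # a real file or symlink.
        [ -e "$link" ] || [ -L "$link" ] || continue
        name=${link##*/}          # S10network
        prio=${name#S}            # 10network
        echo "${prio%"$2"}"       # 10
        return 0
    done
    return 1
}

# Succeed only if service $2 starts after network and before iptables
# in rc directory $1. Prints the reason either way.
check_order() {
    net=$(start_prio "$1" network)  || { echo "no start link for network";  return 1; }
    fw=$(start_prio "$1" iptables)  || { echo "no start link for iptables"; return 1; }
    me=$(start_prio "$1" "$2")      || { echo "no start link for $2";       return 1; }
    # Drop a leading zero so 08 and 09 compare as decimal numbers.
    net=${net#0}; fw=${fw#0}; me=${me#0}
    # If the firewall does not start after networking, no number fits.
    if [ "$net" -ge "$fw" ]; then
        printf 'iptables (S%02d) does not start after network (S%02d): no slot for %s\n' \
            "$fw" "$net" "$2"
        return 1
    fi
    if [ "$me" -le "$net" ] || [ "$me" -ge "$fw" ]; then
        printf '%s (S%02d) is not between network (S%02d) and iptables (S%02d)\n' \
            "$2" "$me" "$net" "$fw"
        return 1
    fi
    printf 'ok: network S%02d < %s S%02d < iptables S%02d\n' "$net" "$2" "$me" "$fw"
}
```

Run it against the real runlevel directory after creating the symlink; a "no slot" result means the existing network and iptables start numbers leave no position for the alias script between them.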
