Adam Richards wrote:
I need to be able to create *stateless* nat rules for at least
150,000 entries, potentially to grow to 1/2million entries. The
reason has to do with being able to work in an asymetric routing
environment -- stateless nat must be used because traffic might not
egress
¿anybody knows?
--
Thanks,
Jordi Espasa Clofent
On Tue, Apr 08, 2008 at 11:59:11PM -0700, Adam Richards wrote:
Maybe a pf.conf knob that allows me to turn off stateful tracking
for a particular nat on iface ... rule?
Ah, you keep mentioning 'nat' and 'rdr', which confused me before, but I
guess what you're actually talking about is called
On Wed, Apr 09, 2008 at 05:36:57PM +0900, Ryan McBride wrote:
You're right, it should be relatively easy to give binat a 'no state'
option...
Try the attached diff, eg:
binat on egress from 192.168.100.1 to any - 10.99.99.99 no state
Index: sys/net/pf.c
