* Tarhon-Onu Victor <[EMAIL PROTECTED]> [26-04-05 19:42]: > On Tue, 26 Apr 2005, Florin Anton wrote: > > > daca masina aia ma ajunge prea mult, prefer sa cumpar 2-3 clase PI si scap > > de snat/dnat. M-ar ajuta chestia asta ? > > Asta ar fi a 5-a solutie (pe care am uitat s-o scriu) si ar fi > iarasi una foarte buna. Sau chiar clase PA de la providerul tau, orice > doar sa scapi de nat. >
Incearca sa folosesti si regula de NOTRACK din iptables: <quote> The NOTRACK target can be used to select which packets *not* to enter the conntrack/NAT subsystems. Please keep in mind: if you mark a packet with NOTRACK, then: - all the conntrack functionalities are lost for the packet (ICMP error tracking, protocol helpers, etc) - all the NAT functionalities are also lost. Packets marked with NOTRACK can be matched by the 'UNTRACKED' state using the state or conntrack matches. </quote> In felul asta poti include in NAT doar ce trebuie si poti elibera din resursele mancate de ip_conntrack. mitu --- Detalii despre listele noastre de mail: http://www.lug.ro/
