Nu cred ca are sens sa ma complic cu module aiurea. Prefer sa cumpar adrese ip. Cred ca se rezolva problema mult mai elegant si mai repede. Sper sa fie de aici buba.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cristian Mitrana Sent: 26 aprilie 2005 23:36 To: [email protected] Subject: [rlug] Re: Cpu load problem * Tarhon-Onu Victor <[EMAIL PROTECTED]> [26-04-05 19:42]: > On Tue, 26 Apr 2005, Florin Anton wrote: > > > daca masina aia ma ajunge prea mult, prefer sa cumpar 2-3 clase PI si scap > > de snat/dnat. M-ar ajuta chestia asta ? > > Asta ar fi a 5-a solutie (pe care am uitat s-o scriu) si ar fi > iarasi una foarte buna. Sau chiar clase PA de la providerul tau, orice > doar sa scapi de nat. > Incearca sa folosesti si regula de NOTRACK din iptables: <quote> The NOTRACK target can be used to select which packets *not* to enter the conntrack/NAT subsystems. Please keep in mind: if you mark a packet with NOTRACK, then: - all the conntrack functionalities are lost for the packet (ICMP error tracking, protocol helpers, etc) - all the NAT functionalities are also lost. Packets marked with NOTRACK can be matched by the 'UNTRACKED' state using the state or conntrack matches. </quote> In felul asta poti include in NAT doar ce trebuie si poti elibera din resursele mancate de ip_conntrack. mitu --- Detalii despre listele noastre de mail: http://www.lug.ro/ --- Detalii despre listele noastre de mail: http://www.lug.ro/
