[Shorewall-users] Large number of SNAT'd addresses loads very slowly

Tom Eastep teastep at shorewall.net
Wed Dec 10 15:27:02 PST 2003


On Wednesday 10 December 2003 02:16 pm, you wrote:
> Tom -
>
> On Wednesday 10 December 2003 15:14, Tom Eastep wrote:
> > I'm saying to do that WITHOUT ADDING THE ADDRESSES to the tunnel
> > interface! I don't believe that they serve any purpose.
> >
> > -Tom
>
> I've tried without adding the addresses.  It doesn't work.  The route table
> ends up looking something like this on our central VPN server:
>
> 

Routes and aliases have *nothing* to do with one another:

a) Leave the routing the way it is.
b) Leave all NAT the way it is.
c) Just don't add the 100s of extra addresses to the tun* interface.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net




More information about the Shorewall-users mailing list