DNAT/SNAT efficiency?

Nolan, Timothy timothy.nolan at verso.com
Wed Sep 1 16:42:37 CEST 2004

I'd like to use iptables to map addressA/portB to addressC/portD. I need to support up to 8000 address/port pairs (can be coming from any address, so I don't think the NETMAP target will suffice). I was planning to use the NAT table and add a DNAT target for each address to change the destination address and a SNAT target to change the source (total of 16000 rules).

It's my understanding that iptables uses a linear search and that hipac doesn't support NAT. Does anyone have any opinions on whether iptables will scale to support what I have described?

