REDIR2                       PORTFW
Place           user-space                   kernel
                                            
Method          connection "bouncing         reversed masq "spot"
                  at firewall"                
                                            
Pros            . easy installation          . fast, low-resource
                . no kernel-side support       consumption
                  needed                     . load-balacing in LAST
                . load-balancing               patch-sets
                                             **internal servers SEE conns
                                               from ACTUAL client **
                                            
Cons            . 1 process/connection       . kernel-patch needed for 2.0
                **internal servers SEE       . masquerader timeout
                  ALL connects from            handling may affect
                  firewall (NO WAY :)          total available connects
                  thus turning access        . usable, but still under
                  logs useless **              devel/test (THE Linux way ;)
                . process-handling:          . LOCAL (@firewall) redirection
                  susceptible to scheduling    not available
                  issues                          
Resource        1 process/connection         1 masq entry/connection
usage                                          limited to max. masq
                                               entries


--
Resources:
   Linux 2.0: kernel patch and "portfw" utility
      http://www.monmouth.demon.co.uk/ipsubs/portforwarding.html
   Linux 2.1: "ipmasqadm" utility
      http://juanjox.home.ml.org