REDIR2 PORTFW Place user-space kernel Method connection "bouncing reversed masq "spot" at firewall" Pros . easy installation . fast, low-resource . no kernel-side support consumption needed . load-balacing in LAST . load-balancing patch-sets **internal servers SEE conns from ACTUAL client ** Cons . 1 process/connection . kernel-patch needed for 2.0 **internal servers SEE . masquerader timeout ALL connects from handling may affect firewall (NO WAY :) total available connects thus turning access . usable, but still under logs useless ** devel/test (THE Linux way ;) . process-handling: . LOCAL (@firewall) redirection susceptible to scheduling not available issues Resource 1 process/connection 1 masq entry/connection usage limited to max. masq entries -- Resources: Linux 2.0: kernel patch and "portfw" utility http://www.monmouth.demon.co.uk/ipsubs/portforwarding.html Linux 2.1: "ipmasqadm" utility http://juanjox.home.ml.org