On Thu, Feb 7, 2013 at 9:44 AM, Stuart Henderson <s...@spacehopper.org>wrote:
> On 2013/02/07 09:26, sven falempin wrote: > > egress, vr0 ext are all the same, arent they ? > > Probably, but you didn't give enough information to be sure. > > For example if you have IPv6 via a tunnel interface (or perhaps > more importantly, if you later add it), then that will also be > in the egress group but might not have an IPv4 address and I > haven't tested to see how that works. Or if you have a lower > priority default route via another interface that you didn't > mention, then that could also be in 'egress'. Perhaps unlikely > but without the information I don't want to make assumptions. > > (Personally I do like using interface groups where I'm referring > to the interface, but try and tie things down a bit further for > IP addresses especially for NAT). > > My problem is the time between an address ip change on an interface and the nat rules actually use the new address. For my rules i am happy with my ext, but i will test vr0 see if it is faster. Or maybe dive into the source if i am bored. -- --------------------------------------------------------------------------------------------------------------------- () ascii ribbon campaign - against html e-mail /\
