Graham Johnston wrote:
> With the current discussion of "Performance of CentOS as a NAT gateway", I
> am curious how many people out there are using CentOS as a
> Router/Firewall in an enterprise or service provider environment. For
> myself I am not really concerned about NAT, just a stateful firewall.

For stateful firewalls, one should use OpenBSD and pf if . netfilter has caught up on the stateful side with TCP window tracking, but I do not think that support is in CentOS 4 and below. CentOS 5 should have it.

>
> The other half of my questions is about performance. I have read many
> articles and posts on the net about performance tuning but they all seem
> to be about tuning a single host, not a router. Does anyone have any tips
> in this area? Is tuning even required?

If it is a natting firewall, forget about performance. There is a maximum to natting support beyond configuring the maximum number of connections being tracked.

Bridging stateful firewalls will find OpenBSD both more stable and better performing.

Non-natting stateful firewalls: no comment, sorry.

>
> For the sake of the conversation let's assume I am referring to CentOS 5.

For full stateful support, we would have to. All previous CentOS only offer connection tracking.