nf_conntrack & NAT
bazsi at balabit.hu
Sun Nov 27 09:42:00 CET 2005
On Sun, 2005-11-27 at 00:52 +0100, Patrick McHardy wrote:
> Yasuyuki KOZAKAI wrote:
> > From: Krzysztof Oledzki <olenf at ans.pl>
> > Date: Wed, 23 Nov 2005 14:44:01 +0100 (CET)
> >>Oh. So how we are going to make transparent proxy, port redirects, etc
> > At first, I will not implement IPv6 NAT at least, but I don't know
> > what other people think.
> > And about transparent proxy, port redirects, load balancer, and so on,
> > indeed currently we seems that we don't have smarter and de facto standard
> > solutions.
> > I wonder why they haven't come up yet, but anyway, I believe people can
> > develop smarter solutions than copied and pasted IPv4 NAT (It's possible that
> > just I don't know them and someone might have already developed them).
> > I think it's still early to give up on.
> Transparent proxying can be done with tproxy without NAT (I'm not
> sure how far along their new patches are), the idea is to exchange
> the dst_entry of the skb instead of rewriting packets.
Far from being complete, but I've tested all the necessary functions
individually for IPv4/TCP (established connection + port redirection,
the latter seemed a show-stopper back at the workshop, but can be
More information about the netfilter-devel