List:       netfilter-devel
Subject:    Re: nf_conntrack & NAT
From:       Balazs Scheidler <bazsi () balabit ! hu>
Date:       2005-11-27 8:42:00
Message-ID: 1133080920.8245.1.camel () bzorp ! balabit

On Sun, 2005-11-27 at 00:52 +0100, Patrick McHardy wrote:
> Yasuyuki KOZAKAI wrote:
> > From: Krzysztof Oledzki <olenf@ans.pl>
> > Date: Wed, 23 Nov 2005 14:44:01 +0100 (CET)
> > 
> >>Oh. So how are we going to make transparent proxy, port redirects, etc.
> >>possible?
> > 
> > 
> > At first, I will not implement IPv6 NAT at least, but I don't know
> > what other people think.
> > 
> > And about transparent proxy, port redirects, load balancer, and so on,
> > indeed it currently seems that we don't have smarter and de facto standard
> > solutions.
> > 
> > I wonder why they haven't come up yet, but anyway, I believe people can
> > develop smarter solutions than copied and pasted IPv4 NAT (it's possible that
> > I just don't know them and someone might have already developed them).
> > I think it's still early to give up on.
> 
> Transparent proxying can be done with tproxy without NAT (I'm not
> sure how far along their new patches are), the idea is to exchange
> the dst_entry of the skb instead of rewriting packets.

Far from being complete, but I've tested all the necessary functions
individually for IPv4/TCP (established connection + port redirection,
the latter seemed a show-stopper back at the workshop, but can be
solved).

-- 
Bazsi

