List: netfilter-devel
Subject: Re: nf_conntrack & NAT
From: Balazs Scheidler <bazsi () balabit ! hu>
Date: 2005-11-27 8:42:00
Message-ID: 1133080920.8245.1.camel () bzorp ! balabit
On Sun, 2005-11-27 at 00:52 +0100, Patrick McHardy wrote:
> Yasuyuki KOZAKAI wrote:
> > From: Krzysztof Oledzki <olenf@ans.pl>
> > Date: Wed, 23 Nov 2005 14:44:01 +0100 (CET)
> >
> >>Oh. So how are we going to make transparent proxy, port redirects, etc
> >>possible?
> >
> >
> > At first, I will not implement IPv6 NAT at least, but I don't know
> > what other people think.
> >
> > And about transparent proxy, port redirects, load balancer, and so on,
> > indeed currently it seems that we don't have smarter and de facto standard
> > solutions.
> >
> > I wonder why they haven't come up yet, but anyway, I believe people can
> > develop smarter solutions than copied and pasted IPv4 NAT (It's possible that
> > I just don't know them and someone might have already developed them).
> > I think it's still too early to give up.
>
> Transparent proxying can be done with tproxy without NAT (I'm not
> sure how far along their new patches are), the idea is to exchange
> the dst_entry of the skb instead of rewriting packets.

Far from being complete, but I've tested all the necessary functions
individually for IPv4/TCP (established connection + port redirection,
the latter seemed a show-stopper back at the workshop, but can be
solved).

--
Bazsi