John R Pierce wrote:
> Masry Alex wrote:
>> is there a way to completely disable ip_conntrack ?
> without connection tracking, NAT simply won't work.

With recent kernels, it is possible to do 1:1 NAT (mapping one private
address to exactly one public IP alias on the external interface)
without netfilter, but using iproute instead.
It will not work for other kinds of NAT, only for 1:1 mapping.
I forgot the details, but you'll have to build and install the most
recent stable kernel, and probably also update the iproute and iptables
packages to the most recent stable releases. And then you can do 1:1 NAT
with the ip utility. Because NAT is not activated in netfilter,
ip_conntrack is not required.
--
Florin Andrei
http://florin.myip.org/