On Sat, Apr 21, 2001 at 03:32:29AM +0300, Alex Shnitman wrote:
> Hi,
>
> There seems to be some duplicate functionality in iproute2 and
> netfilter. Some of it is more or less reasonable (e.g. policy routing
> based on parameters like source IP in iproute2, which could also be
> accomplished by marking packets in iptables and then using the "fw"
> classifier in iproute2), but the fact that NAT exists in both packages
> doesn't make sense to me. (I'm talking about "ip rule add type nat"
> and "iptables -t nat".) Is it actually the same NAT implementation? If

It is not the same NAT implementation.

> it is, why is it controlled from both places? And if it isn't, why is
> NAT implemented twice? And which one should be used?

The iproute2 one is a very simple stateless N:N NAT that doesn't do any
protocol translation (i.e. ftp doesn't work very well). netfilter has
stateful N:M NAT with protocol translation and other features.

If you can use it, the stateless NAT is preferable because it's faster,
but most people cannot use it.

-Andi
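An added example, not part of the original thread and not kernel code: a simplified Python model of the two kinds of NAT described in the reply above, a stateless N:N prefix mapping and a stateful N:M translator that keeps a connection table. All function and class names are hypothetical, and the addresses are constructed from documentation ranges.

```python
import ipaddress

def stateless_nat(addr, inside_net, outside_net):
    """N:N: swap the prefix, keep the host bits. No per-connection state."""
    inside = ipaddress.ip_network(inside_net)
    outside = ipaddress.ip_network(outside_net)
    if inside.prefixlen != outside.prefixlen:
        raise ValueError("N:N mapping needs equally sized prefixes")
    ip = ipaddress.ip_address(addr)
    if ip not in inside:
        return addr  # rule does not match: address is left untouched
    offset = int(ip) - int(inside.network_address)
    return str(outside.network_address + offset)

class StatefulNat:
    """N:M: many inside hosts share few outside addresses via a table."""
    def __init__(self, outside_addrs, first_port=1024, last_port=65535):
        self.outside_addrs = list(outside_addrs)
        self.first_port, self.last_port = first_port, last_port
        self.table = {}    # (proto, src, sport, dst, dport) -> (nat_ip, nat_port)
        self.reverse = {}  # (proto, nat_ip, nat_port, dst, dport) -> (src, sport)

    def outbound(self, proto, src, sport, dst, dport):
        key = (proto, src, sport, dst, dport)
        if key in self.table:  # existing connection: reuse its mapping
            return self.table[key]
        for nat_ip in self.outside_addrs:
            for nat_port in range(self.first_port, self.last_port + 1):
                rkey = (proto, nat_ip, nat_port, dst, dport)
                if rkey not in self.reverse:
                    self.table[key] = (nat_ip, nat_port)
                    self.reverse[rkey] = (src, sport)
                    return nat_ip, nat_port
        raise RuntimeError("no free outside address/port for this destination")

    def inbound(self, proto, remote, rport, nat_ip, nat_port):
        # A reply is translated back only if a table entry exists; None means
        # the translator has no state for this packet.
        return self.reverse.get((proto, nat_ip, nat_port, remote, rport))
```

The stateless function is pure address arithmetic per packet, which is where its speed comes from; the stateful class has to look up or create a table entry for every connection.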