Patrick McHardy <kaber@xxxxxxxxx> wrote: Hello Patrick, > Patrick McHardy wrote: >> [NETFILTER]: nf_nat: always select same SNAT source for same host >> >> We've removed the SAME target in 2.6.25-rc since it had 32/64 bit compat >> problems and the NAT core provides the same behaviour regarding IP >> selection. This turned out to be not entirely correct though, the >> NAT core only selects the same IP from a range for the same src,dst >> combination. Some people need the same IP for all destinations however. >> >> The easiest way to do this is to ignore the destination IP when >> doing SNAT. Since we're using jhash, we still get good distribution >> for multiple source IPs. >> >> Tested-by: David Lau <mintypickle@xxxxxxxxx> >> >> Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx> > > > Please drop this patch for now, David reported some bad distribution > during further tests that I want to look into. Any news on that? We're getting hit by that issue (ICQ fails to login, amongst others). In 2.6.25, but I did not see any patch in recent kernels that changes this. Bernhard -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
