On Thursday 2010-06-17 09:55, Patrick McHardy wrote:
>Jan Engelhardt wrote:
>> On Thursday 2010-06-17 09:44, Patrick McHardy wrote:
>>
>>> Jan Engelhardt wrote:
>>>
>>>> I am not sure I follow whatever this is supposed to do.
>>>>
>>>> Packet from eth0: src=10.0.0.15 dst=10.0.1.22
>>>> INPUT#NETMAP will dst transform that to dst=10.0.0.22
>>>>
>>> nat/INPUT performs source NAT, not destination NAT.
>>>
>>>> POSTROUTING#NETMAP will src transform that to src=10.0.0.15
>>>>
>>>> It is this step that makes no sense to me.
>>>>
>>> Does it make sense now?
>>>
>>
>> Somewhat, but there's still
>>
>>>>> However this doesn't work for packets destined for the
>>>>> machine performing NAT itself
>>>>>
>>
>> Why would it not? What would cause misdelivery if PREROUTING
>> was used instead of INPUT?
>>
>
>PREROUTING performs DNAT. The purpose is to map the two
>identical networks to non-clashing networks. Just consider two
>connections from the same source address and port number
>to the same destination.
>

If veth0 has 10.0.0.0/24 and veth1 has 10.0.0.0/24, wouldn't
Linux's ARP mechanism already be confused, in that it only sends
ARP to the first network matching the subnet?