Re: [RFC PATCH] netfilter: nf_nat: support user-specified SNAT rules in LOCAL_IN


Jan Engelhardt wrote:
On Thursday 2010-06-17 17:22, Patrick McHardy wrote:
PREROUTING performs DNAT. The purpose is to map the two
identical networks to non-clashing networks. Just consider two
connections from the same source address and port number
to the same destination.
If veth0 has 10.0.0.0/24 and veth1 has 10.0.0.0/24,
wouldn't Linux's ARP mechanism already be confused, in
that it only sends ARP to the first network matching
the subnet?
This patch is intended to be used *without* looping packets through
veth. But good point, I chose that example to simplify things, the
use case I'm interested in is actually tunnels. Apparently it wasn't
the best possible example :)

Now you completely lost me. Without separate namespaces and veth
to exchange packets between them,

# ip a
8: iptnl1: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN
    link/ipip 5.6.7.8 peer 1.2.3.4
    inet 10.0.0.1/24 scope global iptnl1
9: iptnl2: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN
    link/ipip 5.6.7.8 peer 9.10.11.12
    inet 10.0.0.1/24 scope global iptnl2

# ip r
10.0.0.0/24 dev iptnl1 proto kernel scope link src 10.0.0.1
10.0.0.0/24 dev iptnl2 proto kernel scope link src 10.0.0.1
will lead to exclusive delivery to iptnl1 for packets that originate
from the router itself.
...
Seems sufficient.

How is that sufficient for talking to both networks?

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html