On Mon, May 06, 2013 at 04:38:19AM +0200, Oliver wrote:
> Hi all,
>
> Currently, the DNPT target is restricted to the mangle table; this means that
> it is effectively impossible to utilise NPT in tandem with conntrack since it's
> impossible to rewrite the destination prefix prior to conntrack taking a look
> at the skb.
>
> Please consider allowing the use of DNPT from the raw table so that it's
> possible to do prefix translation without having to forego the benefits of
> conntrack.

The raw table doesn't have a POSTROUTING chain, which is where SNPT is
performed in order to catch both local and forwarded traffic.

If you're using conntrack anyways, why use NPT? The main benefit is that
you don't have to use conntrack.