On Wednesday 2013-05-08 17:12, Dmitry Popov wrote:
>
>> With nf_nat having gained IPv6 support, I also feel less inclined to
>> keep xt_RAWNAT around.
>
>nf_nat depends on conntrack and conntrack brings a huge overhead to
>such a simple task like NAT. xt_RAWNAT simply solves NAT problem, it
>definitely has to stay.

The only way to solve the NAT problem is to do without it.
Full NAT is not simple at all, it requires DPI. RAWNAT is just
a dumb l3addr replacer and does not help getting multi-connection
sessions (such as 959ish FTP) going.