On Wed, 8 May 2013 23:32:16 +0200 (CEST) Jan Engelhardt <jengelh@xxxxxxx> wrote:

> The only way to solve the NAT problem is to do without it.
> Full NAT is not simple at all, it requires DPI.
> RAWNAT is just a dumb l3addr replacer and does not help
> getting multi-connection sessions (such as 959ish FTP) going.

Well, in terms of full NAT - yes. I have no statistics on how people use nf_nat/xt_RAWNAT, but in my tasks I have a lot of packets that do not need DPI. xt_RAWNAT works great and nf_nat led to packet loss. It probably was because of the main conntrack lock. Yes, I read it was removed not long ago, and haven't tested it since then, but anyway I do not want to use such a monster just to change 2-3 fields of a packet.

Just a use case, decision is up to you =).