On Mon, May 13, 2013 at 01:50:20PM +0400, Dmitry Popov wrote:
> On Wed, 8 May 2013 23:32:16 +0200 (CEST)
> Jan Engelhardt <jengelh@xxxxxxx> wrote:
>
> > The only way to solve the NAT problem is to do without it.
> > Full NAT is not simple at all, it requires DPI.
> > RAWNAT is just a dumb l3addr replacer and does not help
> > getting multi-connection sessions (such as 959ish FTP) going.
>
> Well, in means of full nat - yes. I have no statistics of how people use
> nf_nat/xt_RAWNAT, but in my tasks I have a lot of packets that do
> not need DPI.

Not only DPI. You're also leaking your network topology through ICMP error
messages, as the internal header is not mangled.
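
The ICMP point raised in the reply above, as an added example that is not part of the original thread and is not netfilter code: a stateless rewrite of the outer source address leaves the header quoted inside an ICMP error untouched, and a border check can flag that. The addresses, the RFC 1918 definition of "internal", and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

# Assumption: "internal" means RFC 1918 space; adjust for your own address plan.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def icmp_error(outer_src: str, outer_dst: str, inner_src: str, inner_dst: str) -> bytes:
    """Constructed host-unreachable (type 3, code 1) quoting a UDP packet's header + 8 bytes."""
    quoted = ipv4_header(inner_src, inner_dst, 17, 8) + struct.pack("!HHHH", 40000, 53, 8, 0)
    body = struct.pack("!BBHI", 3, 1, 0, 0) + quoted
    body = body[:2] + struct.pack("!H", checksum(body)) + body[4:]
    return ipv4_header(outer_src, outer_dst, 1, len(body)) + body

def rewrite_outer_src(pkt: bytes, new_src: str) -> bytes:
    """Stateless L3-only rewrite: replaces the outer source, leaves the quoted header alone."""
    hdr = pkt[:10] + b"\x00\x00" + ipaddress.IPv4Address(new_src).packed + pkt[16:20]
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + pkt[20:]

def leaked_internal_addrs(pkt: bytes) -> list:
    """Return RFC 1918 addresses still visible in the header quoted by an ICMP error."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 1 or len(pkt) < ihl + 8 + 20:
        return []
    if pkt[ihl] not in (3, 4, 5, 11, 12):  # ICMP error types that quote the offending packet
        return []
    inner = pkt[ihl + 8:]
    addrs = [ipaddress.IPv4Address(inner[12:16]), ipaddress.IPv4Address(inner[16:20])]
    return [str(a) for a in addrs if any(a in net for net in RFC1918)]

if __name__ == "__main__":
    # Constructed case: 203.0.113.9 reached 10.1.2.3 via DNAT; the error goes back out.
    pkt = icmp_error("10.1.2.3", "203.0.113.9", "203.0.113.9", "10.1.2.3")
    print(leaked_internal_addrs(rewrite_outer_src(pkt, "198.51.100.1")))
```

Run against egress captures, a non-empty result means the translation step is not mangling the embedded header.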