Hello, We have a unique situation. Our core application software needs to be IP transparent. For this purpose it uses tproxy. When connecting to upstream some of our client connections need to be SNATed. This gives to the following situation: As the client request arrives a conntrack is created that looks like: IPa, Pa, IPb, Pb, IPa, Pa, IPb, Pb As we connect out to the origin a new conntrack entry is created that looks like: IPa, Pa', IPb, Pb, NAT-IPa, NAT-Pa, IPb, Pb With some probability an independent incoming request may look like: IPa, Pa', IPb, Pb We see that as SYN with this request arrives, the old NAT conntrack entry is removed blackholing the upstream connection. Can tproxy be safely used with SNAT? Is there a way around this issue? -Umesh -- Homepage: http://blogs.techievarta.com/ -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
