> If all you do is the NAT mappings, then directly using conntrack(8)
> and/or libnetfilter_conntrack should suffice, especially since UDP CT
> entries stay around until their known timeout.

Hmm. That's basically what you said back in January:

  List:       netfilter
  Subject:    Re: Stateless NAT with iptables
  From:       Jan Engelhardt
  Date:       2015-01-09 23:54:16
  http://marc.info/?l=netfilter&m=142084805119379&w=2

But I tried that and couldn't get it working; Marcelo Ricardo Leitner
said "Having the conntrack entry is not enough to get your packets
NATed"

  List:       netfilter
  Subject:    Re: Stateless NAT with iptables
  From:       Marcelo Ricardo Leitner <marcelo.leitner () gmail ! com>
  Date:       2015-01-12 22:06:31
  Message-ID: 54B44567.2050707 () gmail ! com

Which seemed to match my observations. I'll go back in the hole if
people here seem to think it's viable and I'm missing something, though.

Thanks for reading!

-g