Hi,

I have been trying to figure out how to do a NAT lookup from the kernel. I have been looking at connection tracking in the documentation but I can't figure out exactly what this is capable of or whether it can do what I want it to do.

This is my situation in detail: I have a client VM, a dNAT VM, and a proxy VM. HTTP/HTTPS traffic from the client is routed to the dNAT VM and is destination natted (via iptables rule) to the proxy VM and proxy port. Right now I am having trouble with path MTU discovery and am wanting to write a module that forwards ICMP (no route to host) packets associated with an HTTP connection (sent back from the client) back to the HTTP proxy and rewrites the translated IP/ports according to what is in the NAT table for that connection.

So basically when the dNAT receives an ICMP (no route to host, fragmentation needed) from the client side, I want to be able to look in the NAT table and do a lookup on the source IP, destination IP, source port, and destination port and find the associated connection to the proxy server.

I know this is possible because when I establish the connection I can do a cat on /proc/net/nf_conntrack and get the full information, for example, when the client makes a connection to slashdot this gets printed:

    ipv4 2 tcp 6 86396 ESTABLISHED src=(client vm ip) dst=(slashdot ip) sport=1028 dport=80 src=(proxy vm ip) dst=(dnat vm ip) sport=8080 dport=1028 [ASSURED] mark=0 secmark=0 use=2

The thing is I want to be able to get this information from within the kernel. Any tips on how to do this?

Thanks so much.
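The lookup described in the post, as an added userspace illustration that is not part of the original message and does not use the in-kernel conntrack API: it parses lines in the /proc/net/nf_conntrack text layout quoted above and returns the reply-direction tuple for a given original-direction 4-tuple. The sample lines, the addresses in them and all function and struct names are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
/* One direction of a flow as printed in /proc/net/nf_conntrack. */
struct tuple { char src[46], dst[46]; unsigned sport, dport; };
struct ct_entry { struct tuple orig, reply; };

/* Constructed sample lines (documentation addresses), same layout as the post's entry. */
static const char *SAMPLE[] = {
    "ipv4 2 tcp 6 86396 ESTABLISHED src=192.0.2.10 dst=198.51.100.7 sport=1028 dport=80 "
    "src=192.0.2.30 dst=192.0.2.20 sport=8080 dport=1028 [ASSURED] mark=0 secmark=0 use=2",
    "ipv4 2 tcp 6 431999 ESTABLISHED src=192.0.2.11 dst=198.51.100.7 sport=1030 dport=443 "
    "src=192.0.2.30 dst=192.0.2.20 sport=8080 dport=1030 [ASSURED] mark=0 secmark=0 use=2",
};

/* Parse the next "src= dst= sport= dport=" group at or after *p and advance *p past it. */
static int parse_tuple(const char **p, struct tuple *t)
{
    const char *s = strstr(*p, "src=");
    int used = 0;
    if (!s || sscanf(s, "src=%45s dst=%45s sport=%u dport=%u%n",
                     t->src, t->dst, &t->sport, &t->dport, &used) != 4)
        return -1;
    *p = s + used;
    return 0;
}

/* The first group on a line is the original direction, the second is the reply direction. */
int parse_ct_line(const char *line, struct ct_entry *e)
{
    return (parse_tuple(&line, &e->orig) || parse_tuple(&line, &e->reply)) ? -1 : 0;
}

/* Return the reply tuple of the sample entry whose original tuple matches, or NULL. */
const struct tuple *demo_lookup(const char *src, const char *dst, unsigned sport, unsigned dport)
{
    static struct ct_entry tab[2];
    for (int i = 0; i < 2; i++) {
        const struct tuple *o = &tab[i].orig;
        if (parse_ct_line(SAMPLE[i], &tab[i]) == 0 && !strcmp(o->src, src) &&
            !strcmp(o->dst, dst) && o->sport == sport && o->dport == dport)
            return &tab[i].reply;
    }
    return NULL;
}

int main(void)
{
    const struct tuple *r = demo_lookup("192.0.2.10", "198.51.100.7", 1028, 80);
    if (r) printf("reply: src=%s dst=%s sport=%u dport=%u\n", r->src, r->dst, r->sport, r->dport);
    return r ? 0 : 1;
}
```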