Mr. Filip,

--- Filip Sneppe <filip.sneppe@cronos.be> wrote:
> On Mon, 2002-11-11 at 20:21, Brad Chapman wrote:
> >
> > Basically, if this person wants to do NAT, he has to do connection tracking as
> > well.
> > LYSB, he doesn't have to run ctrack without NAT, but without ctrack the current
> > implementation of NAT in netfilter won't work. If there are other stateless NAT
> > kernel implementations available that attach to netfilter, then I am currently
> > unaware of them.
> >
>
> Hi Brad & Antony,
>
> There is one other way to do NAT without connection tracking - this is
> even possible on 2.2 kernels. There is some NAT functionality in the
> routing code (policy routing, advanced routing).
>
> This is a form of NAT where only the IP addresses in the IP header
> are changed, no data inside the packet payload is inspected or changed.
> Also, there is no automatic retranslation of return packets, like with
> iptables.

*thunk* Duh! I had forgotten about that, having never used it. Good call.
Maybe the original poster will be interested in this.

>
> The syntax is a little different and takes some time to get used to;
> basically you get something like this:
>
> ip rule add from 192.168.1.32/27 nat 10.1.1.32 prio 14000
> ip route add nat 10.1.1.32/27 via 192.168.1.32
>
> to set up NAT rules.
>
> For more info, see the iproute documentation. I can also recommend
> the book "Policy Routing with Linux" by Matthew G. Marsh, who is also
> a contributor on this list.
>
> The book is being released online at http://www.policyrouting.org/,
> but is definitely worth the buy.
>
> Regards,
> Filip
>

Brad

=====
Brad Chapman

Permanent e-mail: kakadu_croc@yahoo.com
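
An added example, not part of the original messages and not kernel or iproute2 code: a small Python model of the stateless prefix NAT described in the quoted reply, using the two prefixes from the `ip rule` / `ip route` lines. The function names and the sample packets are constructed for illustration, and transport-layer checksums are not modelled.

```python
import ipaddress
import struct

INSIDE = ipaddress.ip_network("192.168.1.32/27")   # prefix from the "ip rule" line
OUTSIDE = ipaddress.ip_network("10.1.1.32/27")     # prefix from the "ip route" line

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 over a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def map_prefix(addr, src_net, dst_net):
    """1:1 mapping: keep the host bits, swap the network bits. No state kept."""
    host_bits = int(addr) & int(src_net.hostmask)
    return ipaddress.ip_address(int(dst_net.network_address) | host_bits)

def rewrite(packet: bytes, field: str, src_net, dst_net) -> bytes:
    """Rewrite the 'src' or 'dst' header address if it lies inside src_net."""
    ihl = (packet[0] & 0x0F) * 4
    off = 12 if field == "src" else 16
    addr = ipaddress.ip_address(packet[off:off + 4])
    if addr not in src_net:
        return packet                      # no matching rule: left untouched
    hdr = bytearray(packet[:ihl])
    hdr[off:off + 4] = map_prefix(addr, src_net, dst_net).packed
    hdr[10:12] = b"\x00\x00"               # zero the checksum before recomputing
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]       # payload bytes are never inspected

def outbound(packet: bytes) -> bytes:
    """Models: ip rule add from 192.168.1.32/27 nat 10.1.1.32"""
    return rewrite(packet, "src", INSIDE, OUTSIDE)

def inbound(packet: bytes) -> bytes:
    """Models: ip route add nat 10.1.1.32/27 via 192.168.1.32"""
    return rewrite(packet, "dst", OUTSIDE, INSIDE)

def build_packet(src: str, dst: str, payload: bytes = b"") -> bytes:
    """Constructed sample: 20-byte IPv4 header (protocol 253) plus opaque payload."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                                64, 253, 0, ipaddress.ip_address(src).packed,
                                ipaddress.ip_address(dst).packed))
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + payload
```

Because the payload is copied through unchanged, an inside address embedded in application data still leaves the box as-is, and a reply is only translated back if the second (inbound) mapping has been configured.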