Hi,

I humbly ask your advice on this one:

I need to do DNAT changing destination to a single ip-address for every non-marked packet. I mark the packets in mangle table, I DNAT in nat table... that would suffice but I need it to be stateless instead of stateful! Tolerating conntrack overhead (in my case) is too expensive.

The question is... how can I disable conntrack for DNAT?

(a) there is a secret switch? (not very likely ;o)
(b) there is a patch?
(c) should I make such patch? (then touch what piece of code: conntrack, ip_tables module, ?)
(d) forget about it because...

TIA
Senra

--
Rodrigo Senra
MSc Computer Engineer (GPr Sistemas Ltda)
rodsenra@gpr.com.br
http://www.ic.unicamp.br/~921234
(LinUxer 217.243) (ICQ 114477550)