On Fri, Dec 12, 2003 at 02:53:19PM -0800, Kishore Dharmavaram wrote: > Hello Jan & All, > > Yes I want to do that for UDP & ICMP, can you tellme how to remove stateful > inspection(connection tracking) for just ICMP and UDP protocols without > removing NAT on ICMP and UDP packets. since the netfilter/iptables NAT implementation is fully dynamic stateful NAT, you cannot use any of our nat features without connection tracking. It is also not possible to do NAT in a safe way, if connection tracking applies only to certain packets. Because unless we lookup a connection tracking entry, we don't know which NAT bindings to apply to the particular packet. > Thanks, > Kishore -- - Harald Welte <laforge@xxxxxxxxxxxxx> http://www.netfilter.org/ ============================================================================ "Fragmentation is like classful addressing -- an interesting early architectural error that shows how much experimentation was going on while IP was being designed." -- Paul Vixie
Attachment:
pgp00695.pgp
Description: PGP signature
