Hi Jozsef, Hi John,

On Thu, Feb 24, 2005 at 05:43:12PM +0100, Jozsef Kadlecsik told us:
> You cannot do NAT without conntrack, because NAT in netfilter is built on
> the top of conntrack. By the NOTRACK target you disable conntrack for
> the selected packets thus disable NAT as well.
>
> Currently there is no way to define stateless NAT in netfilter. That is
> the bad news. The good one is that however one could write a stateless NAT
> target module, nothing prevents that.

In 2.4 kernels there was a possibility to do "dumb NAT", i.e. NAT without
connection tracking, which could be configured with the ip utility if I
remember correctly. Unfortunately, this dumb NAT has been removed from the
2.6 kernel because it was broken (I think due to the ipsec/xfrm changes,
again IIRC :-) )

Sven

> Best regards,
> Jozsef
> -
> E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : KFKI Research Institute for Particle and Nuclear Physics
>           H-1525 Budapest 114, POB. 49, Hungary

--
Linux zion 2.6.11-rc3-mm2 #1 Mon Feb 21 00:29:04 CET 2005 i686 athlon i386 GNU/Linux
 17:51:51 up 3 days, 17:02, 1 user, load average: 0.01, 0.01, 0.00