Why can't we create a new target module to support stateless NAT for NetFilter like the following link suggests? https://lists.netfilter.org/pipermail/netfilter/2005-February/058950.html I tried writing a target module, but I'm a bit baffled by how the target modules work. The existing target modules don't seem to have any source to modify the packets. If this is possible then the NETMAP module should already do the job. Assuming the NETMAP target module does what its description states. We should also be able to write a stateless NAT program using libipq. Even FreeBSD uses a user space program for NAT by using the divert socket api. However, I don't how to define any order in the programs grabbing packets from the QUEUE. In FreeBSD, instead of queueing the packet is rerouted to an internal "divert" port which can be binded to using the standard socket API, but divert socket are more expensive than the NetFilter QUEUE solution. I've found another solution to my problem without having to use NAT, but it would have been nice if I could have used NAT since my solution is rather contrived. -Matin On 6/8/05, codewarrior@xxxxxxxxxx <codewarrior@xxxxxxxxxx> wrote: > > On Jun 8, 2005, at 8:56 AM, Guenter.Sprakties@xxxxxxxx wrote: > >> You don't use netfilter. You use iproute2. > >> > >> http://linux-ip.net/html/nat-stateless.html > > First your right, iproute2 is the best tool managing simple 1:1 NAT. > > Second, is doesn't work because some guys decided to remove the > > necessary > > code out of the kernel. > > So you HAVE to use netfolter, and I tell you: > > First again, it didn't work. Second, no one of the guys out there > > helps > > you. I tried to get help, but nothing happend. > > I think, natting is against their religion or something like this. > > Take an old kernel and use iproute2, the most genial tool in all > > the net > > stuff. > > > hello guenter, > > thanks you for your answer , so i heard that it is > not possible to run iproute2 under osx right ? > > i got a script from my ISP > http://www.xaranet.de/dl/xaranet-tunnel.sh > > but you need iproute2 so there is no way ? > > > regards > > marc > > > ******************************************************** > opencuseeme / peer2peer multiparty conferencing > ******************************************************** > Marc Manthey > D - 50672 Cologne > West Europe > office: 0049.221.355.80.32 > mobile: 0049.177.341.54.81 > www.let.de > www.applehelpers.com > aim://macfreak2004 > macfreak@xxxxxxxxxx > > > > > >
