On 7/28/05, Dharanikanth Dugginni <dharanikanthd@xxxxxxxxx> wrote:
> Hello Matin,
>
> I saw a post from you about Stateless NAT in Linux and you concluded
> saying you found some solution, I am trying to do something similar
> to that, would you mind sharing the approach you have taken??
>
> Thanks,
> -Dhar
>

I had a *real* special situation since I'm doing this just for a testbed. I was able to get around stateless NAT by using ARP poisoning to force a certain network topology. This approach will work but is not scalable and not recommended.

IMHO, you have the following options:

1. Use a different firewall -- I'm sure you've heard this suggestion before.
2. Create a target module -- I couldn't figure out how to do this for a static NAT, so please let me know if you do.
3. QUEUE the packets you want to NAT and use libipq to do the static NATing
4. ARP poisoning (spoofing)

Let me know if you want me to post more information about 3 or 4.

-Matin
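
Option 3 in the message above leaves the address rewrite itself to userspace. The C code below is an added example, not code from the original post or from libipq: it shows the stateless step a handler would apply to each queued IPv4 packet, replacing the destination from a fixed table and patching the IP and TCP/UDP checksums incrementally (RFC 1624). The names `static_map`, `static_dnat`, `inet_csum` and `csum_fix` are hypothetical, and receiving the packet and returning the modified payload with the verdict is assumed to happen around it.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

struct static_map { uint8_t from[4], to[4]; };   /* hypothetical 1:1 mapping entry */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* RFC 1071 Internet checksum; returns 0 when the data already contains a
 * correct checksum field. */
uint16_t inet_csum(const uint8_t *p, size_t len) {
    uint32_t s = 0;
    for (; len > 1; p += 2, len -= 2) s += rd16(p);
    if (len) s += (uint32_t)p[0] << 8;
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)~s;
}

/* RFC 1624 incremental update, HC' = ~(~HC + ~m + m'), for one 16-bit word. */
static void csum_fix(uint8_t *field, uint16_t was, uint16_t now) {
    uint32_t s = (uint32_t)(uint16_t)~rd16(field) + (uint16_t)~was + now;
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    s = ~s & 0xffff;
    field[0] = (uint8_t)(s >> 8);
    field[1] = (uint8_t)s;
}

/* Rewrite the destination address of the IPv4 packet in pkt from a static
 * table, keeping no per-connection state.
 * Returns 1 if rewritten, 0 if no entry matched, -1 if the packet is malformed. */
int static_dnat(uint8_t *pkt, size_t len, const struct static_map *tbl, size_t n) {
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len) return -1;
    /* TCP/UDP checksums cover the addresses; only fragment 0 carries that header. */
    int frag0 = (rd16(pkt + 6) & 0x1fff) == 0;
    size_t l4 = !frag0 ? 0 : pkt[9] == 6 ? ihl + 16 : pkt[9] == 17 ? ihl + 6 : 0;
    if (l4 && l4 + 2 > len) return -1;                       /* truncated L4 header */
    if (l4 && pkt[9] == 17 && rd16(pkt + l4) == 0) l4 = 0;   /* UDP checksum not in use */
    for (size_t i = 0; i < n; i++) {
        if (memcmp(pkt + 16, tbl[i].from, 4) != 0) continue;
        for (int w = 0; w < 4; w += 2) {
            uint16_t was = rd16(pkt + 16 + w), now = rd16(tbl[i].to + w);
            csum_fix(pkt + 10, was, now);                    /* IPv4 header checksum */
            if (l4) csum_fix(pkt + l4, was, now);            /* TCP or UDP checksum */
        }
        if (l4 && pkt[9] == 17 && rd16(pkt + l4) == 0) pkt[l4] = pkt[l4 + 1] = 0xff;
        memcpy(pkt + 16, tbl[i].to, 4);
        return 1;
    }
    return 0;
}
```

Return traffic needs the mirror-image rewrite of the source address (bytes 12 to 15) using the same table in reverse.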