On Apr 26 2007 13:27, Ben Greear wrote:
>>
>> Why is a different tuple needed?
>
> Isn't the decision to NAT or not stored in the ct->status bitfield?
>
> If so, then if I want to NAT some packets and not others,
> they must belong to different tuples.

Why do you want to NAT some, and don't NAT others?

> If virtual router 1 is routing pkts from 1.1.1.1 to 2.2.2.2,
> and virtual router 2 is routing pkts from 1.1.1.1 to 2.2.2.2, and I
> only want to NAT pkts leaving virtual router 1, then I think I
> have to somehow force different ct tuples based on which virtual
> router the pkts are flowing through. I was trying to do this by
> MARKing packets entering a device in a particular virtual router
> and using the mark as part of the tuple....

Ah in that case it might be easiest to write a netfilter target that
does a tupleless NAT.

Jan