Re: Outgoing redirection with iptables - TCP skips NAT?

Hi,

> I guess this won't work because if your connection is established it will be stored in a TCP State table which is used for filtering and forwarding.
> If your connection already exists it makes no sense to check it against all rules from the ruleset.
>
> UDP doesn't have a state table (cuz it's stateless) and that is the reason why this works.

Thank you very much, that explains a lot. Is there any way to force
TCP packets through the NAT-filter without writing a module? I have
found out that it sort of works using conntrack -F and rules, but that
is so ugly that I really wish I hadn't found the solution :) I know
this violates more or less every TCP principle, but the reason I want
to do this is because the receiver is multihomed as well. So my plan
is to intelligently stripe data over the links and do it transparently
to the application.

-Kristian
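
The nat table is consulted only for the first packet of a connection; later packets reuse the mapping stored in the conntrack entry, which is why changing a rule has no effect on an established TCP flow until the entry is gone. As an added example (not part of the original message), the script below parses `conntrack -L -p tcp` output and lists established flows whose stored DNAT target differs from the rule currently loaded; the sample lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample of `conntrack -L -p tcp` output (all addresses are made up).
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=10.0.0.2 dst=192.0.2.10 sport=40001 dport=5001 src=198.51.100.7 dst=10.0.0.2 sport=5001 dport=40001 [ASSURED] mark=0 use=1
tcp      6 431995 ESTABLISHED src=10.0.0.2 dst=192.0.2.10 sport=40002 dport=5001 src=198.51.100.8 dst=10.0.0.2 sport=5001 dport=40002 [ASSURED] mark=0 use=1
tcp      6 110 TIME_WAIT src=10.0.0.2 dst=192.0.2.10 sport=40003 dport=5001 src=198.51.100.7 dst=10.0.0.2 sport=5001 dport=40003 [ASSURED] mark=0 use=1
tcp      6 300 ESTABLISHED src=10.0.0.2 dst=203.0.113.5 sport=40004 dport=22 src=203.0.113.5 dst=10.0.0.2 sport=22 dport=40004 [ASSURED] mark=0 use=1
"""

KV = re.compile(r"\b(src|dst|sport|dport)=(\S+)")

def parse_entry(line):
    """Return state plus original and reply tuples of one TCP conntrack line."""
    fields = line.split()
    if len(fields) < 4 or fields[0] != "tcp":
        return None
    pairs = KV.findall(line)
    if len(pairs) < 8:
        return None
    # First four key=value pairs: original direction; next four: reply direction.
    return {"state": fields[3], "orig": dict(pairs[:4]), "reply": dict(pairs[4:8])}

def dnat_target(entry):
    """(address, port) the flow is really sent to, or None if it is not DNATed."""
    o, r = entry["orig"], entry["reply"]
    if (r["src"], r["sport"]) == (o["dst"], o["dport"]):
        return None  # reply mirrors the original tuple: no destination rewrite
    return (r["src"], r["sport"])

def pinned_flows(text, orig_dst, current_target):
    """Established flows to orig_dst still mapped to a target other than current_target."""
    out = []
    for line in text.splitlines():
        e = parse_entry(line)
        if not e or e["state"] != "ESTABLISHED" or e["orig"]["dst"] != orig_dst:
            continue
        target = dnat_target(e)
        if target and target[0] != current_target:
            out.append((e["orig"]["sport"], target[0]))
    return out

if __name__ == "__main__":
    # Assume the DNAT rule was just changed to point at 198.51.100.8.
    for sport, old in pinned_flows(SAMPLE, "192.0.2.10", "198.51.100.8"):
        print(f"flow from sport {sport} is still mapped to {old}")
```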