I'd like to alter the outgoing IP address (from internal to external LB) on all packets sent on a specific port, without incurring the overhead of running conntrack. DNAT of course requires conntrack. But I can't think of a reason why this simple substitution would require stateful representation of packet flows.

I was able to find one reference to someone trying to mangle the RAW packets [1] in 2008, but apparently without success.

Is it currently possible to alter outgoing IP addresses without connection tracking?

[1] http://www.linuxquestions.org/questions/linux-networking-3/iptables-notrack-670012/