On Sun, Jun 03, 2012 at 11:05:19PM +0200, Gregory Nietsky wrote:
>
> Greetings
>
> I have been working on userspace NAT via NFQUEUE. I have it working
> but something does not make sense to me.

So, you're implementing NAT in user-space with NFQUEUE, right?

> The code below is to build the conntrack and attach the NAT attributes.
>
> I cannot get it working unless I use the following
>
> nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_ESTABLISHED);

Yes, this is mandatory to create a new conntrack entry, with and without NAT.

> The documentation and examples suggest this is not correct; however, this way
> it works, no other options function.
>
> As the documentation is not extensive perhaps someone will be able
> to comment on this.
>
> Am I correct to only use this for TCP connections?
>
> The code for this is available @
> http://pbx.distrotech.co.za/svn/taploop/trunk/ in the framework
> directory.

I have a patch here to improve integration between ctnetlink and nfnl_queue, but you'll have to wait to see that in mainstream.