Hi, > > Is there a way to use netfilter (iptables or nftables) for my use case ? > UDP with connection tracking can produce undesired behaviors. The usual recommendation is to mangle those packets from the raw table but in cases of natting that is not possible. Currently, nftables is able to perform stateless NAT from the ingress hook without using conntrack, so I think this is the best way to perform NAT with UDP. You can find an example in this URL: https://github.com/zevenet/nftlb/blob/master/tests/cmd/015_stlsdnat_ipv4_tcp_hash.nft Note that: 192.168.0.100 is the virtual service IP 80 is the virtual service port 192.168.0.10 is the backend 1 192.168.0.11 is the backend 2 The example is for TCP but can be translated to UDP very easily. Cheers.
