* IPIP and SNAT
@ 2003-07-30 15:37 Stelios Sidiroglou-Douskos
2003-08-02 16:03 ` Harald Welte
0 siblings, 1 reply; 3+ messages in thread
From: Stelios Sidiroglou-Douskos @ 2003-07-30 15:37 UTC (permalink / raw)
To: netfilter-devel
I am having some trouble with SNAT and my IPIP implementation. I have the
ipip part working (I use code from ipip.c) but when I clear the nfct field
of the sk_buff that packet that gets fwd to the other interface doesn't
get NATed. I tried not clearing conntrack but obviously that results in
the packets not matching up when they return.
Do I have to rebuild the conntrack tuple and insert it back? If so, is
there a code or a helper function to do just that?
thanks in advance,
stelios.
p.s Please reply to this address directly also.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: IPIP and SNAT
2003-07-30 15:37 IPIP and SNAT Stelios Sidiroglou-Douskos
@ 2003-08-02 16:03 ` Harald Welte
0 siblings, 0 replies; 3+ messages in thread
From: Harald Welte @ 2003-08-02 16:03 UTC (permalink / raw)
To: Stelios Sidiroglou-Douskos; +Cc: netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 1319 bytes --]
On Wed, Jul 30, 2003 at 11:37:23AM -0400, Stelios Sidiroglou-Douskos wrote:
>
> I am having some trouble with SNAT and my IPIP implementation.
What is 'your IPIP implementation'?
> I have the ipip part working (I use code from ipip.c) but when I clear
> the nfct field of the sk_buff that packet that gets fwd to the other
> interface doesn't get NATed.
obviously. The NAT mappings are saved in the conntrack entry, so if you
remove the reference to conntrack, there will no NAT happen.
> I tried not clearing conntrack but obviously that results in
> the packets not matching up when they return.
>
> Do I have to rebuild the conntrack tuple and insert it back? If so, is
> there a code or a helper function to do just that?
well, as I am not aware of what exactly you are trying to implement,
It's hard to give any hints.
> thanks in advance,
> stelios.
>
> p.s Please reply to this address directly also.
--
- Harald Welte <laforge@netfilter.org> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* IPIP and SNAT
@ 2003-07-31 19:30 Stelios Sidiroglou-Douskos
0 siblings, 0 replies; 3+ messages in thread
From: Stelios Sidiroglou-Douskos @ 2003-07-31 19:30 UTC (permalink / raw)
To: netfilter-devel
I am having some trouble with SNAT and my IPIP implementation. I have the
ipip part working (I use code from ipip.c) but when I clear the nfct field
of the sk_buff that packet that gets fwd to the other interface doesn't
get NATed. I tried not clearing conntrack but obviously that results in
the packets not matching up when they return.
Do I have to rebuild the conntrack tuple and insert it back? If so, is
there a code or a helper function to do just that?
thanks in advance,
stelios.
p.s Please reply to this address directly also.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2003-08-02 16:03 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-07-30 15:37 IPIP and SNAT Stelios Sidiroglou-Douskos
2003-08-02 16:03 ` Harald Welte
-- strict thread matches above, loose matches on Subject: below --
2003-07-31 19:30 Stelios Sidiroglou-Douskos
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.