From: Patrick McHardy <kaber@trash.net>
To: Oliver <olipro@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: Allow DNPT target from raw table?
Date: Mon, 6 May 2013 22:21:01 +0200
Message-ID: <20130506202101.GB6025@macbook.localnet>
In-Reply-To: <2531686.RPhsabGAWo@gentoovm>
On Mon, May 06, 2013 at 04:38:19AM +0200, Oliver wrote:
> Hi all,
>
> Currently, the DNPT target is restricted to the mangle table; this means that
> it is effectively impossible to utilise NPT in tandem with conntrack since it's
> impossible to rewrite the destination prefix prior to conntrack taking a look
> at the skb.
>
> Please consider allowing the use of DNPT from the raw table so that it's
> possible to do prefix translation without having to forego the benefits of
> conntrack.

The raw table doesn't have a POSTROUTING chain, which is where SNPT is
performed in order to catch both local and forwarded traffic.

If you're using conntrack anyways, why use NPT? The main benefit is that
you don't have to use conntrack.
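
Added example, not part of the original message and not the kernel's NPT code: a Python sketch of the checksum-neutral prefix mapping from RFC 6296, showing why SNPT/DNPT need no per-flow state, since each address is rewritten from the two configured prefixes alone. The function names and the sample prefixes (taken from the RFC's worked example) are assumptions for illustration.

```python
import ipaddress

def _words(value):
    """Split a 128-bit integer into eight 16-bit words, most significant first."""
    return [(value >> (112 - 16 * i)) & 0xFFFF for i in range(8)]

def _oc_add(a, b):
    """16-bit ones' complement addition with end-around carry."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)

def checksum16(addr):
    """Ones' complement sum of an address's words (its share of a pseudo-header)."""
    total = 0
    for w in _words(int(ipaddress.IPv6Address(addr))):
        total = _oc_add(total, w)
    return total

def npt_translate(addr, from_net, to_net):
    """Map addr from from_net to to_net, checksum-neutrally and without state."""
    addr = ipaddress.IPv6Address(addr)
    src, dst = ipaddress.IPv6Network(from_net), ipaddress.IPv6Network(to_net)
    if src.prefixlen != dst.prefixlen or src.prefixlen > 64:
        raise ValueError("prefixes must have equal length of at most 64 bits")
    if addr not in src:
        raise ValueError("address is outside the prefix being translated")
    # Swap the prefix, keep the remaining bits.
    words = _words(int(dst.network_address) | (int(addr) & int(src.hostmask)))
    # adjustment = sum(old prefix) - sum(new prefix), in ones' complement.
    adjustment = _oc_add(checksum16(src.network_address),
                         0xFFFF ^ checksum16(dst.network_address))
    # /48 or shorter: fold into word 3; longer: first of words 4..7 not 0xFFFF.
    candidates = [3] if src.prefixlen <= 48 else range(4, 8)
    idx = next((i for i in candidates if words[i] != 0xFFFF), None)
    if idx is None:
        raise ValueError("no usable 16-bit word to absorb the adjustment")
    fixed = _oc_add(words[idx], adjustment)
    words[idx] = 0 if fixed == 0xFFFF else fixed  # 0xFFFF is normalised to 0
    return ipaddress.IPv6Address(b"".join(w.to_bytes(2, "big") for w in words))

# Constructed sample, using the prefixes from the RFC 6296 worked example.
INSIDE, OUTSIDE = "fd01:203:405::/48", "2001:db8:1::/48"

if __name__ == "__main__":
    out = npt_translate("fd01:203:405:1::1234", INSIDE, OUTSIDE)  # SNPT direction
    back = npt_translate(out, OUTSIDE, INSIDE)                     # DNPT direction
    print(out, back)
```

Because the mapping is a pure function of the address and the two prefixes, the reverse direction recovers the original address without any connection table, and the transport checksum stays valid without being recomputed.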