From: "Steve \(Telsat Broadband\)" <steve@telsatbb.vu>
To: 'Joao Pereira' <joaopapereira@gmail.com>, netfilter@vger.kernel.org
Subject: RE: ip6tables REDIRECT support
Date: Fri, 28 Sep 2012 04:21:56 +1100 [thread overview]
Message-ID: <06b901cd9cd4$98ebea50$cac3bef0$@telsatbb.vu> (raw)
In-Reply-To: <CAAq25NTpN5bvPyHKfQ0e-rHU2OWg+Sjb00mq=rVKrt1c9POctg@mail.gmail.com>
Hi João,
I too was requiring this for a server of ours; but not for the exact same
reason, ours was to implement a capture portal.
I did try to compile the patch you mentioned into ip6tables 1.4.10 but part
of the patch that I had a copy of was incomplete, further due to my limited
knowledge of the code netfilter is built on, I couldn't make a work-around.
I posted to this list some time back asking if only the REDIRECT component
of NAT would be implemented, perhaps not in a NAT table, but rather as a -j
target of the mangle table; just a suggestion; but I can't recall getting
any definitive responses.
The majority of the responses I did get suggested to use TPROXY instead of
redirect, but in my particular case, that didn't work properly and seemed to
have much more overhead than the redirect target.
Hopefully someone out there in the dev team will understand our plight and
perhaps incorporate this important target.
Cheers.
Steve.
Steve Noorderbroek
C.T.O.
Telsat Broadband Limited
www.telsatbb.vu
-----Original Message-----
From: netfilter-owner@vger.kernel.org
[mailto:netfilter-owner@vger.kernel.org] On Behalf Of Joao Pereira
Sent: Thursday, 27 September 2012 11:18 PM
To: netfilter@vger.kernel.org
Subject: ip6tables REDIRECT support
Hello,
I found a thread of last year with one announcement of the creation of a
patch to implement NAT on ipv6. I know that with IPv6 we are not supposed to
have NAT anymore but i have a problem that a need to solve and the REDIRECT
of iptables was the solution for it in IPv4.
The scenario is the following
I have one application running in machine A, and a server also in machine A.
I am sending one request from the application to the server.
I need to make this request pass through another machine first and only then
land on the server.
I could do this by adding a redirect rule to redirect the traffic using the
port.
I found the patch on http://lwn.net/Articles/468671/ Was the patch applied
in any version of iptables?
BR
--
-------
João Pereira
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in the
body of a message to majordomo@vger.kernel.org More majordomo info at
http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2012-09-27 17:21 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-09-27 12:17 ip6tables REDIRECT support Joao Pereira
2012-09-27 17:21 ` Steve (Telsat Broadband) [this message]
2012-09-27 18:25 ` Jan Engelhardt
2012-09-28 18:17 ` Eliezer Croitoru
2012-09-28 20:22 ` Steve (Telsat Broadband)
2012-09-29 2:31 ` Eliezer Croitoru
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='06b901cd9cd4$98ebea50$cac3bef0$@telsatbb.vu' \
--to=steve@telsatbb.vu \
--cc=joaopapereira@gmail.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox