Linux Netfilter discussions
* Altering outgoing IP Address without Connection Tracking
@ 2011-09-06 22:59 Chris Burroughs
  2011-09-06 23:10 ` Pandu Poluan
  0 siblings, 1 reply; 3+ messages in thread
From: Chris Burroughs @ 2011-09-06 22:59 UTC (permalink / raw)
  To: netfilter

I'd like to alter the outgoing IP address (from internal to external LB)
on all packets sent on a specific port, without incurring the overhead
of running conntrack.  DNAT of course requires conntrack. But I can't
think of a reason why this simple substitution would require stateful
representation of packet flows.  I was able to find one reference to
someone trying to mange the RAW packets [1] in 2008, but apparently
without success.

Is it currently possible to alter outgoing IP addresses without
connection tracking?

[1]
http://www.linuxquestions.org/questions/linux-networking-3/iptables-notrack-670012/


* Re: Altering outgoing IP Address without Connection Tracking
  2011-09-06 22:59 Altering outgoing IP Address without Connection Tracking Chris Burroughs
@ 2011-09-06 23:10 ` Pandu Poluan
  2011-09-07  0:07   ` Jan Engelhardt
  0 siblings, 1 reply; 3+ messages in thread
From: Pandu Poluan @ 2011-09-06 23:10 UTC (permalink / raw)
  To: Chris Burroughs, netfilter

(Sorry for top posting; Gmail java mobile client sucks)

IIRC, You can do stateless NAT using iproute2.

Rgds,


On 2011-09-07, Chris Burroughs <chris.burroughs@gmail.com> wrote:
> I'd like to alter the outgoing IP address (from internal to external LB)
> on all packets sent on a specific port, without incurring the overhead
> of running conntrack.  DNAT of course requires conntrack. But I can't
> think of a reason why this simple substitution would require stateful
> representation of packet flows.  I was able to find one reference to
> someone trying to mange the RAW packets [1] in 2008, but apparently
> without success.
>
> Is it currently possible to alter outgoing IP addresses without
> connection tracking?
>
> [1]
> http://www.linuxquestions.org/questions/linux-networking-3/iptables-notrack-670012/


-- 
--
Pandu E Poluan - IT Optimizer
My website: http://pandu.poluan.info/


* Re: Altering outgoing IP Address without Connection Tracking
  2011-09-06 23:10 ` Pandu Poluan
@ 2011-09-07  0:07   ` Jan Engelhardt
  0 siblings, 0 replies; 3+ messages in thread
From: Jan Engelhardt @ 2011-09-07  0:07 UTC (permalink / raw)
  To: Pandu Poluan; +Cc: Chris Burroughs, netfilter


On Wednesday 2011-09-07 01:10, Pandu Poluan wrote:
>On 2011-09-07, Chris Burroughs <chris.burroughs@gmail.com> wrote:
>
>>I'd like to alter the outgoing IP address [...] without incurring
>>the overhead of running conntrack.

>(Sorry for top posting; Gmail java mobile client sucks)

Take another client, then?

>IIRC, You can do stateless NAT using iproute2.

That sounds so terribly obscure that it might as well not be implemented 
in the first place.
Yes, the manpage is clear on that, once read:

|./man/man8/ip.8:Route NAT is no longer supported in Linux 2.6.

More likely successful is xt_RAWDNAT / xt_RAWSNAT instead (including
the pains coming from stateless NAT).
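
What the "simple substitution" asked about in this thread involves per packet, as an added illustration that is not part of the thread and is not the xt_RAWSNAT source: the source address is rewritten and the IPv4 and TCP checksums are patched incrementally, with no flow state kept. The function names and the addresses (documentation ranges) are assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>

/* RFC 1071 Internet checksum over len bytes, seeded with a partial sum. */
static uint16_t csum(const uint8_t *p, size_t len, uint32_t sum) {
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)p[0] << 8 | p[1];
    if (len) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Full TCP checksum, including the pseudo-header (addresses, protocol, length). */
static uint16_t tcp_csum(const uint8_t *p, size_t ihl, size_t len) {
    uint32_t ps = 6 + (uint32_t)(len - ihl);
    for (int i = 12; i < 20; i += 2) ps += (uint32_t)p[i] << 8 | p[i + 1];
    return csum(p + ihl, len - ihl, ps);
}

/* RFC 1624 incremental update for a changed 4-byte field: HC' = ~(~HC + ~m + m'). */
static void csum_fix(uint8_t *hc, const uint8_t *old, const uint8_t *nw) {
    uint32_t sum = (uint16_t)~(hc[0] << 8 | hc[1]);
    for (int i = 0; i < 4; i += 2)
        sum += (uint16_t)~(old[i] << 8 | old[i + 1]) + (uint32_t)(nw[i] << 8 | nw[i + 1]);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    hc[0] = (uint8_t)(~sum >> 8); hc[1] = (uint8_t)~sum;
}

/* Rewrite the source address of one IPv4 packet in place; no flow table is consulted. */
int raw_snat(uint8_t *pkt, size_t len, const uint8_t new_src[4]) {
    size_t ihl = len ? (size_t)(pkt[0] & 0x0f) * 4 : 0;
    if (len < 20 || pkt[0] >> 4 != 4 || ihl < 20 || len < ihl) return -1;
    int first_frag = ((pkt[6] & 0x1f) << 8 | pkt[7]) == 0;
    /* Only the first fragment carries the TCP header and its checksum. */
    if (pkt[9] == 6 && first_frag && len >= ihl + 20)
        csum_fix(pkt + ihl + 16, pkt + 12, new_src);
    csum_fix(pkt + 10, pkt + 12, new_src);  /* IPv4 header checksum */
    memcpy(pkt + 12, new_src, 4);
    return 0;
}

/* Constructed sample: 10.0.0.5:40000 -> 198.51.100.7:80, TCP SYN, no payload.
   Returns 1 if full recomputation accepts both checksums after the rewrite. */
int demo(void) {
    uint8_t p[40] = {0x45,0,0,40, 0,1,0x40,0, 64,6,0,0, 10,0,0,5, 198,51,100,7,
                     0x9c,0x40,0,80, 0,0,0,1, 0,0,0,0, 0x50,0x02,0xff,0xff, 0,0,0,0};
    const uint8_t ext[4] = {203, 0, 113, 10};  /* assumed external address */
    uint16_t c = csum(p, 20, 0);  p[10] = (uint8_t)(c >> 8); p[11] = (uint8_t)c;
    c = tcp_csum(p, 20, 40);      p[36] = (uint8_t)(c >> 8); p[37] = (uint8_t)c;
    return raw_snat(p, 40, ext) == 0 && memcmp(p + 12, ext, 4) == 0
        && csum(p, 20, 0) == 0 && tcp_csum(p, 20, 40) == 0;
}
int main(void) { return demo() ? 0 : 1; }
```

Replies arrive addressed to the rewritten address, so a stateless setup needs a matching rewrite configured separately for the return direction.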

