Hi, 2004-09-29, sze keltezéssel 07:01-kor Tim Burress ezt írta:
I was just wondering if any sort of resolution has appeared for this interaction between TPROXY and the various components of Netfilter? It wasn't clear from the Netfilter summary how much discussion might have gone on.
Oh, sorry, I completely forgot to reply to this mail after the workshop. So, it looks that the problem is that Netfilter does an implicit SNAT on LOCAL_OUT if you use DNAT rules and a specific DNAT rule would cause the packet to go out from a different interface than it was originally destined to. I'm not sure that this is necessary at all, and it looks like we've been able to convince Rusty that it should be probably removed. Along with other NAT-related Netfilter patches, it is waiting for Rusty to submit them. As for now, you could remove this routing lookup and check from the NAT code, and see what happens. -- Regards, Krisztian KOVACS