[tproxy] Bad Interaction between NAT and TPROXY

KOVACS Krisztian hidden@balabit.hu
Wed, 29 Sep 2004 09:07:17 +0200


  Hi,

On Wed, 2004-09-29 at 07:01, Tim Burress wrote:
> I was just wondering if any sort of resolution has
> appeared for this interaction between TPROXY and the
> various components of Netfilter? It wasn't clear from
> the Netfilter summary how much discussion might have
> gone on.

  Oh, sorry, I completely forgot to reply to this mail after the
workshop. So, it looks like the problem is that Netfilter does an
implicit SNAT on LOCAL_OUT if you use DNAT rules and a specific DNAT
rule would cause the packet to go out from a different interface than it
was originally destined to. I'm not sure that this is necessary at all,
and it looks like we've been able to convince Rusty that it should
probably be removed.

  Along with other NAT-related Netfilter patches, it is waiting for
Rusty to submit them. For now, you could remove this routing lookup
and check from the NAT code, and see what happens.

-- 
 Regards,
   Krisztian KOVACS