lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <f4845fc0809140747u63f6ad63m43877bbbf09c4778@mail.gmail.com>
Date:	Sun, 14 Sep 2008 16:47:51 +0200
From:	"Julius Volz" <juliusv@...gle.com>
To:	"Joseph Mack NA3T" <jmack@...d.net>
Cc:	lvs-devel@...r.kernel.org, netdev@...r.kernel.org,
	j.stubbs@...kthink.co.jp
Subject: Re: Adding SNAT support to LVS/NAT

On Sun, Sep 14, 2008 at 12:39 PM, Julius Volz <juliusv@...gle.com> wrote:
> On Sun, Sep 14, 2008 at 3:37 AM, Joseph Mack NA3T <jmack@...d.net> wrote:
>> On Sun, 14 Sep 2008, Julius Volz wrote:
>>
>>> So maybe it would already work? ;)
>>
>> No. Some highly motivated people tried doing SNAT on OUTPUT in an attempt to
>> do F5-SNAT and it didn't work. This lead to the write up in
>>
>> http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.non-modified_realservers.html#F5_snat
>>
>> which brings us to where we are now.
>
> Thanks for the info! Right, I even said myself in the previous reply
> that ip_vs_postrouting() stops further processing in the POSTROUTING
> chain, so it never reaches netfilter NAT code.

Actually, what if we modify or remove that function to allow further
processing in POSTROUTING? Could SNAT work with IPVS then?

The comment above it says that the function specifically wants to
avoid further NAT by netfilter. But is this always a problem?

Julius

-- 
Julius Volz - Corporate Operations - SysOps

Google Switzerland GmbH - Identification No.: CH-020.4.028.116-1
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ