| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 14 Sep 2008 16:47:51 +0200 From: "Julius Volz" <juliusv@...gle.com> To: "Joseph Mack NA3T" <jmack@...d.net> Cc: lvs-devel@...r.kernel.org, netdev@...r.kernel.org, j.stubbs@...kthink.co.jp Subject: Re: Adding SNAT support to LVS/NAT On Sun, Sep 14, 2008 at 12:39 PM, Julius Volz <juliusv@...gle.com> wrote: > On Sun, Sep 14, 2008 at 3:37 AM, Joseph Mack NA3T <jmack@...d.net> wrote: >> On Sun, 14 Sep 2008, Julius Volz wrote: >> >>> So maybe it would already work? ;) >> >> No. Some highly motivated people tried doing SNAT on OUTPUT in an attempt to >> do F5-SNAT and it didn't work. This lead to the write up in >> >> http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.non-modified_realservers.html#F5_snat >> >> which brings us to where we are now. > > Thanks for the info! Right, I even said myself in the previous reply > that ip_vs_postrouting() stops further processing in the POSTROUTING > chain, so it never reaches netfilter NAT code. Actually, what if we modify or remove that function to allow further processing in POSTROUTING? Could SNAT work with IPVS then? The comment above it says that the function specifically wants to avoid further NAT by netfilter. But is this always a problem? Julius -- Julius Volz - Corporate Operations - SysOps Google Switzerland GmbH - Identification No.: CH-020.4.028.116-1 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists