lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.64.0809150815580.32594@wm7d.net>
Date:	Mon, 15 Sep 2008 08:24:38 -0700 (PDT)
From:	Joseph Mack NA3T <jmack@...d.net>
To:	Simon Horman <horms@...ge.net.au>
cc:	Julius Volz <juliusv@...gle.com>, lvs-devel@...r.kernel.org,
	netdev@...r.kernel.org, j.stubbs@...kthink.co.jp,
	Siim Põder <siim@...rad-teel.net>
Subject: Re: Adding SNAT support to LVS/NAT

On Mon, 15 Sep 2008, Simon Horman wrote:

> Well, it would be a problem if it gets DNATed a second time.

Are you just being really safe? Are you trying to prevent 
someone from adding DNAT rules to OUTPUT?

Would it be better (as much as possible) for LVS to appear 
to be just another netfilter module, in which case if 
someone wants to DNAT in OUTPUT, this should be allowed 
(whether it's sensible or not). Currently LVS-NAT doesn't 
allow SNAT on OUTPUT, which no-one thought about when 
LVS-NAT was first written and it turns out to be useful.

Joe

-- 
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ