Wensong Zhang wrote:
Well, I hope IPVS people will take care of this. I don't really know
that code too well...
This bit is only to indicate that the sk_buff is already mangled by
IPVS/NAT, so that when both iptables/NAT and IPVS/NAT are enabled,
iptables/NAT will not mangle sk_buff again. I am not sure if there is
more elegant way to work around this issue, will investigate it.
For new connections you could set the IPS_SRC_NAT_DONE and
IPS_DST_NAT_DONE bits in conntrack->status to avoid NAT setting up
new mappings. But this doesn't work if IPVS is loaded when NAT
has already set up the mappings. In this case you could refuse
to NAT in IPVS.
Regards
Patrick
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
