Anyone know why this feature was removed from the kernel

William Muriithi william.muriithi-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Jul 24 17:57:22 UTC 2012 

On 24 July 2012 13:43, William Muriithi <william.muriithi-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> Afternoon,
>
> I just came across this statement from the iptables man page and for
> no immediate practical reason, got curious why the kernel developers
> decided to remove this feature.
>
> Quote:
>               In  Kernels up to 2.6.10, you can add several
> --to-source options. For those kernels, if you specify more than one
> source
>               address, either via an address range or multiple
> --to-source options, a simple round-robin (one after another  in
> cycle)
>               takes place between these addresses.  Later Kernels (>=
> 2.6.11-rc1) don’t have the ability to NAT to multiple ranges any-
>               more.
> End Quote
>
Formatting is kind of messed up.  Trying again

Quote:
In  Kernels up to 2.6.10, you can add several --to-source options. For
those kernels, if you specify more than one source address, either via
an address range or multiple --to-source options, a simple round-robin
(one after another  in  cycle)  takes place between these addresses.
Later Kernels (>= 2.6.11-rc1) don’t have the ability to NAT to
multiple ranges any-more.

End Quote:

And the context of the above would be as follow

Before 2.6.10 this was possible
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.0.0/24
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.2
 --to-source 192.168.1.3

After 2.6.10, you can only do
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.2

Hope this is more clear.

William
> Unfortunately, I can't think of a single reason.  I am suspecting
> security reasons, but I frankly can't see how that would be the case.
> Any one privy of what happened?
>
> Regards,
>
> William
> --
> The Toronto Linux Users Group.      Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists

More information about the Legacy mailing list