you are correct! Thanks very much.
It's works set a new example as following.
ip,in_port=2 actions=ct(table=1,zone=1,nat)
ip,in_port=3 actions=ct(table=1,zone=1,nat)
table=1, ct_state=+new+trk,tcp,in_port=2,tp_dst=123
actions=ct(commit,zone=1,nat(src=2.2.1.7)),output:3
table=1, ct_state=+new+
On 13 March 2017 at 20:18, wenxu wrote:
> Hi all,
>
> There is a simple test for conntrack and nat in openvswitch. I want to do
> stateful
> firewall with conntrack then do nat
>
> netns1 port1 with ip 10.0.0.7
> netns2 port2 with ip 1.1.1.7
>
> netns1 10.0.0.7 src -nat to 2.2.1.7 access netns2
Hi all,
There is a simple test for conntrack and nat in openvswitch. I want to do
stateful
firewall with conntrack then do nat
netns1 port1 with ip 10.0.0.7
netns2 port2 with ip 1.1.1.7
netns1 10.0.0.7 src -nat to 2.2.1.7 access netns2 1.1.1.7
1. # ovs-ofctl add-flow br0 'ip,in_port=1 action
