Re: [LARTC] routing patches seem to break output nat

[Julian Anastasov <ja@ssi.bg>]

        Hello,

On Tue, 23 Jan 2007, Tim Haak wrote:

> We have applied the routing patches from 
> http://www.ssi.bg/%7Eja/#routes. To 2.6.15 this seems to have broken our 
> output natting. Has anyone else experienced this or any advice on how to 
> fix. Is this working on the newer kernel i.e. 2.6.19 ? Any help would be 
> appreciated.

        Month ago Bart Duchesne found a problem with the
routes patch for 2.6 where reply packet for -j DNAT connections initiated
in OUTPUT are dropped in pre-routing. I now updated the patches and if you 
have the same problem you can try the new diffs from today, eg. 

http://www.ssi.bg/~ja/routes-2.6.19-13.diff

        The fix for old patches is to remove the following extra check
(2 lines from net/ipv4/route.c) which obviously aborts ip_route_input()
with EINVAL for RTN_LOCAL when replies from remote host are destined to
our local IP:

+       if (lsrc && res.type != RTN_UNICAST && res.type != RTN_NAT)
+               goto e_inval;

Regards

--
Julian Anastasov <ja@ssi.bg>
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc