
Re: [LARTC] routing patches seem to break output nat

To: Julian Anastasov <ja@ssi.bg>
Subject: Re: [LARTC] routing patches seem to break output nat
From: Tim Haak <tim@haak.co.uk>
Date: Wed, 24 Jan 2007 13:17:15 +0200
Cc: lartc@mailman.ds9a.nl
Hi

Thanks for the quick response, that seemed to work :)

Tim Haak

email: tim@haak.co.uk
cel:   0837787100

The executioner is, I hear, very expert, and my neck is very slender.
		-- Anne Boleyn


Julian Anastasov wrote:
	Hello,

On Tue, 23 Jan 2007, Tim Haak wrote:

  
We have applied the routing patches from 
http://www.ssi.bg/%7Eja/#routes to 2.6.15. This seems to have broken our 
output natting. Has anyone else experienced this, or does anyone have any 
advice on how to fix it? Is this working on the newer kernel, i.e. 2.6.19? 
Any help would be appreciated.
    

	A month ago Bart Duchesne found a problem with the
routes patch for 2.6 where reply packets for -j DNAT connections initiated
in OUTPUT are dropped in pre-routing. I have now updated the patches, and if
you have the same problem you can try the new diffs from today, e.g.

http://www.ssi.bg/~ja/routes-2.6.19-13.diff

	The fix for old patches is to remove the following extra check
(2 lines from net/ipv4/route.c) which obviously aborts ip_route_input()
with EINVAL for RTN_LOCAL when replies from a remote host are destined to
our local IP:

+       if (lsrc && res.type != RTN_UNICAST && res.type != RTN_NAT)
+               goto e_inval;
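
Review bot: the condition on the first added line accepts only RTN_UNICAST and RTN_NAT whenever lsrc is set, so a lookup that resolves to RTN_LOCAL jumps to e_inval. Per the message, that is exactly the case for replies from a remote host destined to a local IP, which is why OUTPUT DNAT connections lose their reply packets in pre-routing. Removing both lines, as the message recommends for the old patches, resolves that. If some form of the check is kept, it needs a comment stating which lsrc case it is meant to reject, since nothing in these two lines explains why RTN_LOCAL should be invalid here.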

Regards

--
Julian Anastasov <ja@ssi.bg>

  