Broken masquerade when using policy routing

Hi Rusty, David!

It seems as if some changes from August [1] have broken masquerade when
using "advanced routing" features to route the packets.

I have two WAN-devices on my linux router at home, one ISDN (ippp0) and
one ADSL (ppp0) link. I want to route (bulk) traffic from specific IPs
over the ISDN link and I did that with policy routing (at least I think
that's what it's called).

Here is my current setup:

---

HITB:~# ip rule list
0:      from all lookup local
32763:  from 62.46.2.124 lookup 42
32764:  from 192.168.0.21 iif eth1 lookup 42
32765:  from 192.168.0.11 iif eth1 lookup 42
32766:  from all lookup main
32767:  from all lookup default
HITB:~# ip route show table 42
default via 195.3.94.58 dev ippp0
HITB:~# ip route list | grep default
default via 213.229.45.253 dev ppp0
HITB:~# iptables -t nat -L -v -n | grep -A4 POSTROUTING
Chain POSTROUTING (policy ACCEPT 69494 packets, 4741K bytes)
 pkts bytes target     prot opt in     out     source               destination
49609 2243K MASQUERADE  all  --  *      ppp0    192.168.0.0/24       0.0.0.0/0
18466 1132K MASQUERADE  all  --  *      ippp0   192.168.0.0/24       0.0.0.0/0

HITB:~#

---

This did work fine with up to 2.4.22-pre3 but when updating to 2.4.23 the
packets which should get sent over the ippp0 device seem to get dropped by
the masquerading module. I got lots of these messages:

Dec 15 00:20:57 HITB kernel: MASQUERADE: Route sent us somewhere else.
Dec 15 00:21:01 HITB kernel: MASQUERADE: Route sent us somewhere else.
Dec 15 00:21:07 HITB kernel: MASQUERADE: Route sent us somewhere else.

which apparently come from the changes [2] done to ipt_MASQUERADE.c

Now my question: Is this an intended behaviour? If so, how should I change
my setup so that it works again with masquerading?

[1] http://marc.theaimsgroup.com/?l=linux-net&w=2&r=1&s=rusty%27s+brain+broke&q=b
[2] http://linux.bkbits.net:8080/linux-2.4/diffs/net/ipv4/netfilter/ipt_MASQUERADE.c@1.6?nav=index.html|src/.|src/net|src/net/ipv4|src/net/ipv4/netfilter|hist/net/ipv4/netfilter/ipt_MASQUERADE.c

best regards and thanks in advance,
Michael Renner
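
An added illustration, not part of the original message and not kernel code: a small Python model of the rule list quoted above, comparing the default route a forwarded packet selects with the one chosen by a lookup that carries no source address or input interface. That the MASQUERADE check performs such a selector-less lookup is an assumption made for this illustration, and `parse_rules`, `egress_dev` and `masquerade_consistent` are hypothetical names.

```python
import ipaddress

# Constructed from the `ip rule list` and `ip route` output quoted in the message.
RULES_TEXT = """\
0:      from all lookup local
32763:  from 62.46.2.124 lookup 42
32764:  from 192.168.0.21 iif eth1 lookup 42
32765:  from 192.168.0.11 iif eth1 lookup 42
32766:  from all lookup main
32767:  from all lookup default
"""
# Default-route device per table, as shown for table 42 and main; the other
# tables are assumed to hold no default route.
DEFAULT_DEV = {"42": "ippp0", "main": "ppp0"}


def parse_rules(text):
    """Parse `ip rule list` lines into dicts sorted by priority."""
    rules = []
    for line in text.splitlines():
        prio, rest = line.split(":", 1)
        tok = rest.split()
        rule = {"prio": int(prio), "src": None, "iif": None, "table": None}
        for key, val in zip(tok[::2], tok[1::2]):  # keyword/value pairs
            if key == "from" and val != "all":
                rule["src"] = ipaddress.ip_network(val)
            elif key == "iif":
                rule["iif"] = val
            elif key == "lookup":
                rule["table"] = val
        rules.append(rule)
    return sorted(rules, key=lambda r: r["prio"])


def egress_dev(rules, src=None, iif=None):
    """First matching rule whose table has a default route decides the device."""
    for r in rules:
        if r["src"] is not None and (
                src is None or ipaddress.ip_address(src) not in r["src"]):
            continue  # source selector does not match
        if r["iif"] is not None and r["iif"] != iif:
            continue  # input-interface selector does not match
        if r["table"] in DEFAULT_DEV:
            return DEFAULT_DEV[r["table"]]
    return None


def masquerade_consistent(rules, src, iif):
    """True when the forwarding lookup and a selector-less lookup agree."""
    return egress_dev(rules, src, iif) == egress_dev(rules)
```

In this model, traffic from 192.168.0.21 arriving on eth1 is forwarded via ippp0 while the selector-less lookup returns ppp0, which is the kind of mismatch the "Route sent us somewhere else" message reports.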