Hi Jozsef,
On Sat, 10 Nov 2012, Jozsef Kadlecsik wrote:
> But the thread has drifted from the original cases:
>
> > This only seems to happen when you're using a UDP device behind a Linux
> > NAT router, and your routing to the destination host changes, because:
> >
> > * You bring up a VPN tunnel and the SIP destination is at the other end
> > of that tunnel; or
>
> This case is not handled by MASQUERADE.
>
> > * Your default route changes because you fail over to another provider.
>
> And this case is also not handled if the original default route device is
> still healthy, that is for example when you use some dynamic routing
> protocol which detects failure in the routing path.
Not necessarily dynamic routing. Even using pppd (pppoa/pppoe) for one
connection and ethernet for the other can cause this problem. Any case
that changes routing without bringing down the old device can be affected.
I'm glad you agree that these are actual problems or limitations with
MASQUERADE.
> I do not see any simple solution except to delete any NATed entry
> unconditionally when the routing changes. But that can easily be too much
> and may kill valid entries.
But I'm sorry that you won't consider having a flag that changes
MASQUERADE's behaviour to automatically change the source address in the
conntrack entry.
Is that because you think it's impossible or infeasible to get access to
the right information at the right time? Or some other reason?
Cheers, Chris.
--
Aptivate | http://www.aptivate.org | Phone: +44 1223 967 838
Future Business, Cam City FC, Milton Rd, Cambridge, CB4 1UY, UK
Aptivate is a not-for-profit company registered in England and Wales
with company number 04980791.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
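The failure mode discussed in this thread (a MASQUERADEd conntrack entry keeps the source address that was chosen when the flow was created, even after the route to the destination has moved to a VPN tunnel or a failover uplink) can be made visible from userspace. The following Python is an added example, not code from the thread or from netfilter: it parses the `src=/dst=/sport=/dport=` tuple format of `conntrack -L` output, compares the address MASQUERADE picked (the `dst=` of the reply tuple) against the source address the current routing table would choose, and lists only the entries that no longer match. This is a narrower remedy than deleting every NATed entry on a route change, which is the concern raised about killing valid entries. The sample conntrack lines and the routing table are constructed; `route_source()` is a hypothetical stand-in for `ip route get <dst>`, which needs the live kernel.

```python
import ipaddress
import re

# Constructed sample of `conntrack -L` output (not taken from the thread).
# For each line: original tuple first, reply tuple second. For a MASQUERADEd
# flow the reply tuple's dst= is the source address MASQUERADE selected when
# the entry was created (198.51.100.7 = old ISP A uplink, 192.0.2.7 = ISP B).
SAMPLE_CONNTRACK = """\
udp      17 170 src=192.168.1.10 dst=203.0.113.5 sport=5060 dport=5060 src=203.0.113.5 dst=198.51.100.7 sport=5060 dport=5060 [ASSURED] mark=0 use=1
udp      17 29 src=192.168.1.11 dst=203.0.113.5 sport=5060 dport=5060 [UNREPLIED] src=203.0.113.5 dst=192.0.2.7 sport=5060 dport=5060 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.12 dst=203.0.113.80 sport=40000 dport=443 src=203.0.113.80 dst=198.51.100.7 sport=443 dport=40000 [ASSURED] mark=0 use=1
udp      17 25 src=192.168.1.13 dst=10.8.0.9 sport=5060 dport=5060 src=10.8.0.9 dst=198.51.100.7 sport=5060 dport=5060 mark=0 use=1
"""

# Constructed routing state after the two events from the thread: a VPN
# tunnel (source 10.8.0.1) has come up, and the default route has failed
# over to ISP B (source 192.0.2.7) while ISP A's device is still up.
CURRENT_ROUTES = [
    (ipaddress.ip_network("10.8.0.0/24"), ipaddress.ip_address("10.8.0.1")),
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("192.0.2.7")),
]

# Matches one conntrack tuple; a NATed UDP/TCP line has two of them.
TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def route_source(dst, routes=CURRENT_ROUTES):
    """Longest-prefix match returning the preferred source address for dst.
    Hypothetical stand-in for `ip route get <dst>`; a real check must ask the
    kernel, since that is what MASQUERADE itself consults."""
    best = None
    for net, src in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, src)
    return best[1] if best else None


def parse_conntrack(text):
    """Parse `conntrack -L` lines into dicts; skips lines without two port tuples."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        tuples = TUPLE_RE.findall(line)
        if len(tuples) != 2:
            continue
        (osrc, odst, osport, odport), (_rsrc, rdst, _rsport, _rdport) = tuples
        entries.append({
            "proto": line.split()[0],
            "orig_src": ipaddress.ip_address(osrc),
            "orig_dst": ipaddress.ip_address(odst),
            "orig_sport": int(osport),
            "orig_dport": int(odport),
            # reply dst == the address MASQUERADE rewrote the source to
            "nat_src": ipaddress.ip_address(rdst),
        })
    return entries


def stale_masquerade_entries(text, routes=CURRENT_ROUTES):
    """Return NATed entries whose chosen source address no longer matches the
    source the current route to orig_dst would use."""
    stale = []
    for e in parse_conntrack(text):
        if e["nat_src"] == e["orig_src"]:
            continue  # not source-NATed at all
        want = route_source(e["orig_dst"], routes)
        if want is not None and want != e["nat_src"]:
            e["route_src"] = want
            stale.append(e)
    return stale


def delete_command(e):
    """Build the conntrack-tools command that removes exactly this entry, so the
    next packet creates a fresh one with the now-correct source address."""
    return ("conntrack -D -p %s --orig-src %s --orig-dst %s "
            "--orig-port-src %d --orig-port-dst %d"
            % (e["proto"], e["orig_src"], e["orig_dst"],
               e["orig_sport"], e["orig_dport"]))


if __name__ == "__main__":
    for entry in stale_masquerade_entries(SAMPLE_CONNTRACK):
        print("%s -> %s NATed via %s, route now prefers %s"
              % (entry["orig_src"], entry["orig_dst"],
                 entry["nat_src"], entry["route_src"]))
        print("  " + delete_command(entry))
```

On the constructed input, the three flows still mapped to 198.51.100.7 are reported (two SIP flows and one TCP session), while the flow already mapped to 192.0.2.7 is left alone. Deleting the TCP entry is still disruptive, but that session is already broken by the route change: replies would arrive at the old uplink. A real deployment would run the check from a routing hook (for example a pppd ip-up script or a routing daemon's reload hook) and use `ip route get` for the lookup.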