SNAT leaks on kernel 2.6.22?

I hope you can bear with me as this is a little long.

I have a system with Linux 2.6.22.15 without any patch, and iptables 1.3.8 also
without any patch (I have done a great deal of problem isolation, therefore all
the patches I added have been removed and so now it's left as a vanilla system).

In the system I happened to configure a bridge br0 which is assigned an IP.
In the bridge there is also a connection to the internet using pppoe via an
additional interface. The outgoing interface is natted.

I have a client on side A of the bridge which default routes to the IP
of br0 of the bridge. And on the bridge, there are two routing paths,
one via NAT to the internet and another without NAT to a router
on side B of the bridge. And the bridge is doing multipath weighted
routing of equal weight on both the uplinks.

What I noticed is that at certain times I get private IP
leaks to the natted interface. I have been trying very hard to
figure out how to repeat this problem; it does not happen
all the time, but when it happens, I don't know how to normalize
it. I tried re-running the iptables scripts and flushing the routing cache,
but that does not bring the system back. And it does not happen to all
packets, only some.

I am pretty sure I do SNAT or MASQUERADE on the natted
interface, but this rule seems to be skipped or ignored at certain times.

I have finally figured out a consistent way to repeat the problem,
but now I am still short of an answer. The details of how I
repeat it are again quite long, and so I am skipping them for now.

Also, I have not been able to repeat this problem without using a bridge.
I tried multipath routing, one leg natted and another routed without NAT,
and without a bridge, but I don't see the problem.

But since the problem occurs intermittently, I am at this moment
unable to say for sure that it does not happen without a bridge.

I know it is probably a long shot now; does anyone have a clue?

Best regards.
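As an added example (not code from the post or its author), a small check over netfilter LOG lines that flags packets leaving the natted uplink with an RFC1918 source, which is exactly the leak described above. It assumes a LOG rule with prefix "POSTNAT" placed at the end of the nat POSTROUTING chain, after the SNAT/MASQUERADE rule, so only new connections that missed the SNAT rule are logged, and that the pppoe uplink is ppp0; neither name appears in the post.

```python
import re
import ipaddress

# Interface carrying the SNAT/MASQUERADE rule (assumption: the post does not
# name the pppoe uplink, ppp0 is a placeholder).
NAT_IFACE = "ppp0"

# Source ranges that must never appear unchanged on the NAT uplink.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# netfilter LOG lines are key=value pairs; we only need these keys.
FIELD_RE = re.compile(r"\b(IN|OUT|SRC|DST|PROTO)=(\S*)")


def parse_log_line(line):
    """Return the LOG fields of interest, or None if the line is not a LOG entry."""
    fields = dict(FIELD_RE.findall(line))
    return fields if "SRC" in fields and "OUT" in fields else None


def is_private(addr):
    """True if addr falls inside one of the RFC1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def find_snat_leaks(lines, nat_iface=NAT_IFACE):
    """Return (src, dst, proto) for every packet that left nat_iface with a
    private source address, i.e. a connection the SNAT rule did not rewrite.
    Private sources on other interfaces (the non-NAT multipath leg) are fine."""
    leaks = []
    for line in lines:
        f = parse_log_line(line)
        if f is None or f["OUT"] != nat_iface:
            continue
        if is_private(f["SRC"]):
            leaks.append((f["SRC"], f["DST"], f.get("PROTO", "?")))
    return leaks


# Constructed sample lines in iptables LOG format (not taken from the post).
SAMPLE_LOG = [
    "kernel: POSTNAT IN= OUT=ppp0 SRC=203.0.113.7 DST=198.51.100.20 LEN=60 PROTO=TCP SPT=40000 DPT=80",
    "kernel: POSTNAT IN= OUT=ppp0 SRC=192.168.1.10 DST=198.51.100.20 LEN=60 PROTO=TCP SPT=40001 DPT=80",
    "kernel: POSTNAT IN= OUT=eth1 SRC=192.168.1.10 DST=10.0.0.5 LEN=84 PROTO=ICMP TYPE=8 CODE=0",
    "kernel: POSTNAT IN= OUT=ppp0 SRC=10.20.30.40 DST=198.51.100.9 LEN=76 PROTO=UDP SPT=5353 DPT=53",
]

if __name__ == "__main__":
    for src, dst, proto in find_snat_leaks(SAMPLE_LOG):
        print(f"LEAK: {src} -> {dst} ({proto}) left {NAT_IFACE} un-NATed")
```

Feeding the script the kernel log while the problem is reproduced shows which connections bypass the SNAT rule, and the OUT= field confirms whether the leak is on the NAT leg rather than the routed leg of the multipath setup.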

-
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
