Zagato wrote:
Hi, thanks for the answer, but I am really sure that my old rules work fine on CentOS 4.2. When I upgrade to 5.2, psql -h localhost -p 5432 test has the same symptoms. Maybe a kernel module that I need to modprobe? What changed that my old rules don't work anymore? CentOS 5.2 kernel: 2.6.18-92.el5
According to a quick search, it seems that CentOS 4.2 included kernel 2.6.9. In kernels before 2.6.11, the DNAT target in the OUTPUT chain used to change the source address to reflect the new output interface. This is not true for newer 2.6 kernels due to a change in kernel 2.6.11.
From <http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11>:

========================================================================
[PATCH] Remove do_extra_mangle: double NAT on LOCAL_OUT

On NF_IP_LOCAL_OUT, when destination NAT changes the destination interface, we also change the source address, so the packet is the same as if it were generated to go that way in the first place. This is not strictly necessary, I believe. This patch rips that code out to see what breaks.
========================================================================

(Well, you can see what breaks)