[LARTC] routing patches seem to break output nat
Julian Anastasov
ja at ssi.bg
Tue Jan 23 23:31:43 CET 2007
Hello,
On Tue, 23 Jan 2007, Tim Haak wrote:
> We have applied the routing patches from
> http://www.ssi.bg/%7Eja/#routes to 2.6.15. This seems to have broken our
> output natting. Has anyone else experienced this or have any advice on how to
> fix it? Is this working on the newer kernel, i.e. 2.6.19? Any help would be
> appreciated.
A month ago Bart Duchesne found a problem with the
routes patch for 2.6 where reply packets for -j DNAT connections initiated
in OUTPUT are dropped in pre-routing. I have now updated the patches, and if you
have the same problem you can try the new diffs from today, e.g.
http://www.ssi.bg/~ja/routes-2.6.19-13.diff
The fix for old patches is to remove the following extra check
(2 lines from net/ipv4/route.c) which obviously aborts ip_route_input()
with EINVAL for RTN_LOCAL when replies from a remote host are destined to
our local IP:
+ if (lsrc && res.type != RTN_UNICAST && res.type != RTN_NAT)
+ goto e_inval;
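Review bot: the condition `res.type != RTN_UNICAST && res.type != RTN_NAT` sends every other result type to `e_inval` whenever `lsrc` is set, and that includes RTN_LOCAL, the type the message gives for replies from a remote host destined to a local IP. Trees still carrying an older routes patch should drop both lines as described; since the fragment has no context lines or `@@` header, locate it by the `goto e_inval` inside ip_route_input() in net/ipv4/route.c and confirm the full condition matches before deleting it.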
Regards
--
Julian Anastasov <ja at ssi.bg>