Re: 2.4.23 masquerading broken? key.oif = 0;

From: Neal Stephenson
Date: Thu Dec 11 2003 - 08:17:03 EST


Unfortunately this did not work; it produces the same effect. The changes
do work fine in 2.4.22-ac4, so the changes do work and make sense; I don't
know why I didn't do it that way the first time.

Neal

On Wed, 2003-12-10 at 05:04, Martin Josefsson wrote:
> On Tue, 9 Dec 2003, Neal Stephenson wrote:
>
> > iptables -t mangle -A PREROUTING --protocol tcp --destination-port 80 -j MARK --set-mark 0x932
> > iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> >
> > ip rule add pri 424 iif eth0 fwmark 0x932 table symp
> >
> > and this is what shows up in dmesg
> >
> > MASQUERADE: Route sent us somewhere else.
> >
> > Any suggestions appreciated,
>
> Try adding "-i eth0" to the mangle/PREROUTING rule
> and remove "iif eth0" in the iproute rule.
>
> I think the problem is that when the packet is routed it follows the
> iproute rule and goes to the "symp" table.
> But when ipt_MASQUERADE.c does another lookup to get the local
> source-address of the route that this packet will match we don't have the
> input-interface anymore, and thus matches another rule/route. So change
> the fwmark to include the input interface.
>
> This is just a theory, I know too little about your routing tables to say
> anything more specific.
>
> (The earlier behaviour was incorrect, ipt_MASQUERADE.c ignored
> policy-routing which broke things. Now it should be a lot more sane, but
> does unexpected things in some cases, like yours :)
>
> /Martin
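
A toy model of the lookup mismatch that Martin's theory describes, added here as an illustration; it is not code from the thread or from the kernel. The rule-matching model, the `main` table's `eth1` route and all function names are assumptions; only the `symp` table, `ppp0`, `eth0`, priority 424 and mark 0x932 come from the messages above.

```python
# Toy model of policy-rule selection (an assumption-based sketch, not kernel code).
# A rule matches when every selector it sets equals the value in the flow key.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    pri: int
    table: str
    iif: Optional[str] = None
    fwmark: Optional[int] = None

    def matches(self, key: dict) -> bool:
        return all(
            want is None or key.get(field) == want
            for field, want in (("iif", self.iif), ("fwmark", self.fwmark))
        )

# Constructed tables: each maps to the interface its default route would use.
# "symp" -> ppp0 follows the thread; "main" -> eth1 is an assumption.
TABLES = {"symp": "ppp0", "main": "eth1"}

def lookup(rules, key):
    """Return (table, out_interface) for the first matching rule by priority."""
    for rule in sorted(rules, key=lambda r: r.pri):
        if rule.matches(key):
            return rule.table, TABLES[rule.table]
    raise LookupError("no rule matched")

def masquerade_check(rules, fwmark, iif):
    """Compare the forwarding lookup with a second lookup that carries no iif."""
    forward = lookup(rules, {"iif": iif, "fwmark": fwmark})
    relookup = lookup(rules, {"iif": None, "fwmark": fwmark})
    return forward, relookup, forward[1] == relookup[1]

MAIN = Rule(pri=32766, table="main")
# Rule as posted: selects on both the input interface and the mark.
ORIGINAL = [Rule(pri=424, table="symp", iif="eth0", fwmark=0x932), MAIN]
# Rule as suggested: mark only; "-i eth0" moves into the mangle rule instead.
SUGGESTED = [Rule(pri=424, table="symp", fwmark=0x932), MAIN]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        fwd, again, ok = masquerade_check(rules, 0x932, "eth0")
        print(f"{name}: forward={fwd} relookup={again} consistent={ok}")
```

In this model an inconsistent pair of lookups corresponds to the "Route sent us somewhere else." condition; it illustrates the theory only and does not explain why the change still failed on 2.4.23 as reported above.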
