Re: 2.4.23 masquerading broken?

From: Harald Welte
Date: Sat Jan 10 2004 - 17:04:36 EST


On Tue, Dec 02, 2003 at 06:25:22PM +0100, Patrick McHardy wrote:
> Wilmer van der Gaast wrote:
>
> >For security reasons, I upgraded to 2.4.23 last night. Now, suddenly, IP
> >masquerading seems to be broken. When I use SNAT instead of
> >masquerading, everything works.
> >
> >Unfortunately, I think it's hard to reproduce the problem. Right after
> >booting .23 for the first time, everything seemed to be okay. The
> >problems started just an hour ago, after having the server running for
> >fifteen hours without any problems.
> >
> >Unfortunately there's not much more information I can provide. I can
> >attach my iptables/rule/route file and keep my machine running in case
> >anyone needs/wants more information. For now I'll just stick with SNAT.
> >It works well enough for me.

This seems to be the same as
http://www.ussg.iu.edu/hypermail/linux/kernel/0312.0/0465.html
and https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=144

I've committed the proposed fix (from #144) into patch-o-matic/pending.

Comments?

> Patrick

Patrick,

--
- Harald Welte <laforge@xxxxxxxxxxxxx> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
