RE: Entirely ignoring TCP and UDP checksum in kernel level

From: Josan Kadett
Date: Sun Aug 22 2004 - 04:26:35 EST


Bad news... NAT does not work, but it should have worked. Where might be the
mistake? I put another machine connected next to the patched Linux server,
I sniff the traffic and see that:
(I enabled SNAT);

Packet arrives from 192.168.0.30 (new machine to test nat)
The packet is correctly translated and sent over the line
With the patch, the new packet seems to arrive from correct source 77.1

*But this is where the problem begins, the system does not send the received
packet to the address which is SNATted. I thought, the ip_input.c code would
work in the lowest level so IPTABLES would naively use the changed source
address...

I do not know if ever this problem will end...


-----Original Message-----
From: Brad Campbell [mailto:brad@xxxxxxxxxxx]
Sent: Sunday, August 22, 2004 10:48 AM
To: Josan Kadett
Subject: Re: Entirely ignoring TCP and UDP checksum in kernel level

Josan Kadett wrote:
> This does actually change the source IP address of the machine and allow
> NAT??
>
> Client A 192.168.0.20 -- connects to patched linux server
> Linux 192.168.1.1 -- translates the source address 192.168.x.x to 1.1(SNAT)
>
> And will NAT actually work with this patch, as far as I see, this code gets
> the saddr and puts another one when the condition matches?

No.. this should work for you.. Try it and see anyway.

Regards,
Brad
