MASQUERADE: Route sent us somewhere else

[Delian Krustev <krustev@krustev.net>]

Hi,

I've red the postings about similar messages in the syslog posted in the
mailing list. However my problem is quite different. Here's the setup:

                                 eth1
              eth0  +---------+ static ip 
   *LAN* -----------|         |-------- \
                    |linux-box|           *INTERNET*
                    |         |-------- /
                    +---------+  eth2
                              dhcp configured


*mangle
-A FORWARD -j MARK --set-mark 0x1

*nat
-A POSTROUTING -o eth1 -j SNAT --to-source <eth1 ip>
-A POSTROUTING -o eth2 -j MASQUERADE

/sbin/ip ru add fwmark 0x1 lookup FW prio 40

The main table routes internet traffic via eth2 by default. I'me referencing
the FW table for forwarded traffic, which routes inet traffic via eth1.

However, the SNAT rule in the nat table is ignored(eth1 is not
correctly selected) and the MASQUERADE rule takes place. The packets
are not sent trough eth2 either, and here comes the syslog msg:

MASQUERADE: Route sent us somewhere else

I'm using similar setup for localy generated packets(

*mangle
-A OUTPUT -o eth2 -m owner --uid-owner dev -j MARK --set-mark 0x1

), which works just fine.

Currenly I'm able to workaround the problem by adding the following rule :

/sbin/ip ru add iif eth0 lookup FW prio 45   # [1]

I think there should be two routing decigions(RD) for forwarded packets:

-->PREROUTING-->RD1-->FORWARD-->RD2-->POSTROUTING

, right ?
At least it's that way for the OUTPUT chain. My additional rule [1],
makes both the RDs refer to the same table - FW. Without it the main
table is refered by RD1 and FW by RD2, which breaks the things down.

I'm running kernel 2.4.24 with all the submitted/pending patches from 
p-o-m 20030912 applied.

Any ideas ?

Cheers,
Delian

p.s. please CC me when replying since I'm not subscribed to the list.