* Fw: Fw: [Bugme-new] [Bug 4180] New: masquarade and source ip
@ 2005-02-07 19:42 David S. Miller
  2005-02-07 20:15 ` Patrick McHardy
  0 siblings, 1 reply; 4+ messages in thread
From: David S. Miller @ 2005-02-07 19:42 UTC (permalink / raw)
  To: netfilter-devel


Didn't this get changed on purpose?

Begin forwarded message:

Date: Mon, 7 Feb 2005 11:18:22 -0800
From: Andrew Morton <akpm@osdl.org>
To: netdev@oss.sgi.com
Cc: spied@yandex.ru
Subject: Fw: [Bugme-new] [Bug 4180] New: masquarade and source ip




Begin forwarded message:

Date: Mon, 7 Feb 2005 10:16:56 -0800
From: bugme-daemon@osdl.org
To: bugme-new@lists.osdl.org
Subject: [Bugme-new] [Bug 4180] New: masquarade and source ip


http://bugme.osdl.org/show_bug.cgi?id=4180

           Summary: masquarade and source ip
    Kernel Version: 2.6.10
            Status: NEW
          Severity: normal
             Owner: laforge@gnumonks.org
         Submitter: spied@yandex.ru


I try the following on the router (eth0 - internet, eth1 - localnet):

ip addr add 1.2.3.4 dev eth0
ip addr add 2.3.4.5 dev eth0

ip route add default via 2.3.4.6 src 2.3.4.5

iptables  -t nat -A POSTROUTING -s 10.0.0.0/8 -d ! 10.0.0.0/8 -j MASQUERADE

If I ping www.google.com from the router, the source IP is 2.3.4.5, but if I ping
from the local network, the source IP is 1.2.3.4 (I think it's wrong).

With an older kernel the source IP is always set to 2.3.4.5.


* Re: Fw: Fw: [Bugme-new] [Bug 4180] New: masquarade and source ip
  2005-02-07 20:15 ` Patrick McHardy
@ 2005-02-07 20:14   ` David S. Miller
  2005-02-08  2:21     ` Rusty Russell
  0 siblings, 1 reply; 4+ messages in thread
From: David S. Miller @ 2005-02-07 20:14 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: rusty, netfilter-devel

On Mon, 07 Feb 2005 21:15:50 +0100
Patrick McHardy <kaber@trash.net> wrote:

> >Didn't this get changed on purpose?
>
> Yes. One thing we could do to make it more consistent is treat
> local packets the same way as forwarded ones in MASQUERADE, then
> at least all packets would have the same source address. This check
> currently prevents local packets from being masqueraded:
> 
>         /* FIXME: For the moment, don't do local packets, breaks
>            testsuite for 2.3.49 --RR */
>         if ((*pskb)->sk)
>                 return NF_ACCEPT;
> 
> I'm not sure if we can simply remove it, maybe Rusty remembers :)

Ok, when you figure out what's going on please post the analysis to
netdev et al., and in particular Andrew or Stephen, so the bugzilla
can get closed properly.

Thanks.


* Re: Fw: Fw: [Bugme-new] [Bug 4180] New: masquarade and source ip
  2005-02-07 19:42 Fw: Fw: [Bugme-new] [Bug 4180] New: masquarade and source ip David S. Miller
@ 2005-02-07 20:15 ` Patrick McHardy
  2005-02-07 20:14   ` David S. Miller
  0 siblings, 1 reply; 4+ messages in thread
From: Patrick McHardy @ 2005-02-07 20:15 UTC (permalink / raw)
  To: David S. Miller; +Cc: Rusty Russell, netfilter-devel

David S. Miller wrote:

>Didn't this get changed on purpose?
>
Yes. One thing we could do to make it more consistent is treat
local packets the same way as forwarded ones in MASQUERADE, then
at least all packets would have the same source address. This check
currently prevents local packets from being masqueraded:

        /* FIXME: For the moment, don't do local packets, breaks
           testsuite for 2.3.49 --RR */
        if ((*pskb)->sk)
                return NF_ACCEPT;

I'm not sure if we can simply remove it, maybe Rusty remembers :)

Regards
Patrick

>
>Begin forwarded message:
>
>If I ping www.google.com from the router, the source IP is 2.3.4.5, but if I ping
>from the local network, the source IP is 1.2.3.4 (I think it's wrong).
>
>With an older kernel the source IP is always set to 2.3.4.5.
>
>


* Re: Fw: Fw: [Bugme-new] [Bug 4180] New: masquarade and source ip
  2005-02-07 20:14   ` David S. Miller
@ 2005-02-08  2:21     ` Rusty Russell
  0 siblings, 0 replies; 4+ messages in thread
From: Rusty Russell @ 2005-02-08  2:21 UTC (permalink / raw)
  To: David S. Miller
  Cc: spied, Netfilter development mailing list, Patrick McHardy

On Mon, 2005-02-07 at 12:14 -0800, David S. Miller wrote:
> On Mon, 07 Feb 2005 21:15:50 +0100
> Patrick McHardy <kaber@trash.net> wrote:
> 
> > >Didn't this get changed on purpose?
> >
> > Yes. One thing we could do to make it more consistent is treat
> > local packets the same way as forwarded ones in MASQUERADE, then
> > at least all packets would have the same source address. This check
> > currently prevents local packets from being masqueraded:
> > 
> >         /* FIXME: For the moment, don't do local packets, breaks
> >            testsuite for 2.3.49 --RR */
> >         if ((*pskb)->sk)
> >                 return NF_ACCEPT;
> > 
> > I'm not sure if we can simply remove it, maybe Rusty remembers :)

Remove it; nothing should break.  The network code used to hate local
packets getting changed, but we do the right thing these days (if not,
that's another bug).

> Ok, when you figure out what's going on please post the analysis to
> netdev et al., and in particular Andrew or Stephen, so the bugzilla
> can get closed properly.

We vastly simplified the masquerade code to use inet_select_addr(),
because its purpose is for dynamic links.  This user should be using
SNAT to specify exactly what he/she wants.

Rusty.
-- 
A bad analogy is like a leaky screwdriver -- Richard Braakman
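
An added example, not part of the thread and not kernel code: a simplified C model of why the reporter's forwarded traffic left with 1.2.3.4 while router-originated traffic used 2.3.4.5. The names `select_addr` and `local_source` are hypothetical, scope checks are omitted, and /32 prefix lengths are assumed because the report gives none.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Simplified model of one IPv4 address configured on an interface. */
struct ifaddr {
    uint32_t local;      /* address, host byte order */
    int      prefixlen;  /* assumed /32: the report gives no prefix length */
    int      secondary;  /* secondary addresses are never selected */
};

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

static uint32_t mask(int len) { return len ? ~0u << (32 - len) : 0; }

/* Model of the selection inet_select_addr() performs for MASQUERADE:
 * return the first primary address whose subnet contains the next hop,
 * otherwise fall back to the first primary address on the device. */
uint32_t select_addr(const struct ifaddr *a, size_t n, uint32_t nexthop)
{
    uint32_t fallback = 0;
    for (size_t i = 0; i < n; i++) {
        if (a[i].secondary)
            continue;
        if (((a[i].local ^ nexthop) & mask(a[i].prefixlen)) == 0)
            return a[i].local;
        if (!fallback)
            fallback = a[i].local;
    }
    return fallback;
}

/* Locally generated packets honour the route's "src" hint instead. */
uint32_t local_source(uint32_t route_src, const struct ifaddr *a, size_t n, uint32_t nexthop)
{
    return route_src ? route_src : select_addr(a, n, nexthop);
}

/* eth0 as configured in the bug report, in the order the addresses were added. */
static const struct ifaddr eth0[] = { { IP(1, 2, 3, 4), 32, 0 }, { IP(2, 3, 4, 5), 32, 0 } };

int main(void)
{
    uint32_t m = select_addr(eth0, 2, IP(2, 3, 4, 6));
    uint32_t l = local_source(IP(2, 3, 4, 5), eth0, 2, IP(2, 3, 4, 6));
    printf("masqueraded %u.%u.%u.%u, local %u.%u.%u.%u\n", m >> 24, (m >> 16) & 255,
           (m >> 8) & 255, m & 255, l >> 24, (l >> 16) & 255, (l >> 8) & 255, l & 255);
    return 0;
}
```

In this model the masqueraded source depends on the order in which addresses were added to the interface, which is why a fixed mapping such as `-j SNAT --to-source 2.3.4.5` is the way to pin it.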
