From: Andrew Morton <akpm@linux-foundation.org>
To: netdev@vger.kernel.org
Cc: Patrick McHardy <kaber@trash.net>,
"bugme-daemon@kernel-bugs.osdl.org"
<bugme-daemon@bugzilla.kernel.org>,
elendil@planet.nl
Subject: Re: [Bugme-new] [Bug 8519] New: NAT prerouting over tun interface broken
Date: Mon, 21 May 2007 13:13:43 -0700 [thread overview]
Message-ID: <20070521131343.cbf3bcaa.akpm@linux-foundation.org> (raw)
In-Reply-To: <200705212005.l4LK5aJk029945@fire-2.osdl.org>
On Mon, 21 May 2007 13:05:36 -0700
bugme-daemon@bugzilla.kernel.org wrote:
> http://bugzilla.kernel.org/show_bug.cgi?id=8519
>
> Summary: NAT prerouting over tun interface broken
> Kernel Version: 2.6.21.1
> Status: NEW
> Severity: normal
> Owner: networking_netfilter-iptables@kernel-bugs.osdl.org
> Submitter: elendil@planet.nl
>
>
> Most recent kernel where this bug did *NOT* occur: 2.6.20.7
> Distribution: Debian unstable
> Hardware Environment: EM64T (Pentium D) running amd64 kernel
> Software Environment: Debian unstable
>
> Problem Description:
> I have the hercules s/390 emulator running on an EM64T host, both running
> Debian unstable. I use a tun interface, a second IP address on eth0 and
> iptables/nat so the emulator has it's own address on my local network.
>
> With 2.6.21.1 on the host, networking between the emulator and the host system
> is fine (I can ssh from the host into the emulator without problems), but
> communication from the emulator with other boxes is broken. Other boxes also
> don't see the emulator if I ping its external address.
>
> If I ping another box on my LAN from the emulator while running wireshark on
> the host, I can see that:
> - the echo request gets sent OK
> - the other box replies OK
> - the host receives the echo reply
> - but the tun interface never gets it.
>
> If I boot the host with 2.6.20 everything works fine again.
>
> Here is how the setup looks:
> |---------------- host system --------------------|
> |-- emulator --|
> eth0 tun ctc0
> LAN <---> 10.19.66.21
> LAN <---> 10.19.66.92 <---> 10.19.92.2 <---> 10.19.92.1
> nat P2P
>
> The only active iptables rules are:
> iptables -t nat -A PREROUTING -d 10.19.66.92 \
> -j DNAT --to-destination 10.19.92.1
> iptables -t nat -A POSTROUTING -s 10.19.92.1 \
> -j SNAT --to-source 10.19.66.92
next parent reply other threads:[~2007-05-21 20:16 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <200705212005.l4LK5aJk029945@fire-2.osdl.org>
2007-05-21 20:13 ` Andrew Morton [this message]
2007-05-21 22:28 ` [Bugme-new] [Bug 8519] New: NAT prerouting over tun interface broken Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070521131343.cbf3bcaa.akpm@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=bugme-daemon@bugzilla.kernel.org \
--cc=elendil@planet.nl \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.