From: Patrick McHardy <kaber@trash.net>
To: Stephen Frost <sfrost@snowman.net>
Cc: Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>
Subject: Re: Netfilter+IPsec patches
Date: Sat, 21 Aug 2004 17:30:58 +0200
Message-ID: <41276AB2.4030505@trash.net>
In-Reply-To: <20040818024852.GD21419@ns.snowman.net>

Stephen Frost wrote:
>* Stephen Frost (sfrost@snowman.net) wrote:
>
>
>>I've got a bunch of network cards in my gateway, in this example we're
>>concerned w/ 3 of them- two connections to the internet, one internal.
>>For this to work I have to have source-based routing working (which it
>>used to, back when I was using 2.4). It appears to still work fine for
>>connections which are *not* NAT'd. For connections which are NAT'd it
>>goes like this:
>>
>>
>
>Alright, so, tried something funny- If I add a source-route rule for
>the *internal* address of the machine then the source routing works (but,
>unfortunately, this breaks things since that machine needs to be able to
>accept connections from both internet connections).
>
>I'm guessing this is done because the packets are going through the
>stack twice, but only going through the routing code once, and that's
>happening prior to the NAT'ing?
>
>Please note, these packets aren't IPSEC'd and don't have anything to do
>w/ IPSEC stuff. I'm doing some other IPSEC stuff on one of the
>connections at the moment, but that's all working fine (it's on
>internet1, so that may help...).
>
>
It looks like it has something to do with the ipsec patches rerouting in
POSTROUTING after NAT. Please send your exact routes and rules, I can't
figure out the exact problem.

Regards
Patrick