Hello again,

I forgot to attach the important files :-P

Manu wrote:
> Hello,
>
> my issue is to connect 2 PCs with different fixed IP addresses!
> PC1: 10.0.0.1 and 10.0.17.1
> PC2: 192.168.0.123 with gateway: 192.168.0.1
> I modified the sources of actual RAWNAT (xtables-addons-6e918514b752.... ) module from http://dev.computergmbh.de/. See attachment!
> I modified the sources of my kernel-2.6.23, as well. See attachment.
>
> Interfaces on PC1:
> eth0: 10.0.0.1
> eth0:2 10.0.17.1
>
> My arptables rules are:
> arptables -A OUTPUT -d 10.0.17.2 -j mangle --mangle-ip-d 192.168.0.123 --mangle-ip-s 10.0.17.1
> arptables -A INPUT -s 192.168.0.123 -j mangle --mangle-ip-s 10.0.17.2 --mangle-ip-d 10.0.0.1
>
> My iptables rules are:
> iptables -t raw -I PREROUTING -s 192.168.0.123 -j RAWSNAT --to-source 10.0.17.2
> iptables -t rawpost -I POSTROUTING -d 10.0.17.2 -j RAWDNAT --to-destination 192.168.0.123
>
> Iptables: 1.4.1.2
> Kernel: 2.6.23
> gcc: 3.3
>
> With "iptables -t rawpost -I POSTROUTING -d 10.0.17.2 -j RAWDNAT --to-destination 192.168.0.123", I can successfully ping PC2 from PC1 with command "ping 10.0.17.2"!
> tcpdump says:
> 17:54:41.897864 10.0.17.1 > 192.168.0.123: icmp: echo request (DF) (ttl 64, id 1, len 84)
> 17:54:41.898156 192.168.0.123 > 10.0.17.1: icmp: echo reply (DF) (ttl 128, id 4526, len 84)
>
> But if I want to ping PC1 from PC2 with command "ping 10.0.17.1" and with "iptables -t raw -I PREROUTING -s 192.168.0.123 -j RAWSNAT --to-source 10.0.17.2" I got a system "crash" (complete hang up) like described in my former postings?!
> It seems that the modified packet with source address replacement is in improper format?!! maybe the checksum?
> The system "crashed" every time, if a packet comes from 192.168.0.123 and entered the rule from iptables!?! If I set a rule e.g. "iptables -t raw -I PREROUTING -s 192.168.0.123 -j DROP" - it works fine!
>
> klogd says:
> <3>compat_xtables: compat layer limits reached (xtnu_skb_make_writable) - dropping packets
>
> one time I get this immediately before the crash:
> # iptables -nvL -t raw
> Chain PREROUTING (policy ACCEPT 16562 packets, 13M bytes)
>  pkts bytes target     prot opt in     out     source               destination
>    15  1461 DROP       all  --  eth2   *       0.0.0.0/0            224.0.0.251
>     0     0 RAWSNAT    all  --  eth2   *       192.168.0.123        0.0.0.0/0           to-source 10.0.17.2/32
>
> Chain OUTPUT (policy ACCEPT 10293 packets, 1584K bytes)
>  pkts bytes target     prot opt in     out     source               destination
> # iptables -nvL -t raw
> Chain PREROUTING (policy ACCEPT 16575 packets, 13M bytes)
>  pkts bytes target     prot opt in     out     source               destination
> Segmentation fault
>
> happens when (tcpdump-trace): happened at:
>
> 13:41:39.810642 0:14:b:30:d0:2 0:30:18:49:f3:2a 0800 86: 192.168.0.123.1025 > 192.168.0.1.53: [udp sum ok] 51493+ PTR? 123.0.168.192.in-addr.arpa. (44) (ttl 255, id 7738, len 72)
> 0x0000 4500 0048 1e3a 0000 ff11 1b9e c0a8 007b E..H.:.........{
> 0x0010 c0a8 0001 0401 0035 0034 efaf c925 0100 .......5.4...%..
> 0x0020 0001 0000 0000 0000 0331 3233 0130 0331 .........123.0.1
> 0x0030 3638 0331 3932 0769 6e2d 6164 6472 0461 68.192.in-addr.a
> 0x0040 7270 6100 000c 0001 rpa.....
>
> Any help would be so much appreciated!
> Thank you very much in advance!
>
> Regards,
> Manu
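
The checksum question raised in the message can be checked against the trace itself. The following is an added example, not part of the original post and not the xtables-addons RAWSNAT code: it verifies the IPv4 header checksum of the dumped packet and shows the RFC 1624 incremental update that a stateless source rewrite from 192.168.0.123 to 10.0.17.2 requires, for both the IP header and the UDP checksum (0xefaf at offset 0x1a of the dump). All function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>

/* First 20 bytes of the hex dump in the trace: the IPv4 header. */
static const uint8_t trace_iphdr[20] = {
    0x45, 0x00, 0x00, 0x48, 0x1e, 0x3a, 0x00, 0x00, 0xff, 0x11,
    0x1b, 0x9e, 0xc0, 0xa8, 0x00, 0x7b, 0xc0, 0xa8, 0x00, 0x01 };

static uint16_t fold(uint32_t s)     /* end-around carry down to 16 bits */
{
    while (s >> 16) s = (s & 0xffff) + (s >> 16);
    return (uint16_t)s;
}

/* RFC 1071 checksum over an even number of bytes; 0 means "header valid". */
uint16_t inet_csum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    return (uint16_t)~fold(sum);
}

/* RFC 1624 eqn. 3, HC' = ~(~HC + ~m + m'), for a 32-bit address change. */
uint16_t csum_replace32(uint16_t hc, uint32_t from, uint32_t to)
{
    uint32_t sum = (uint16_t)~hc;
    sum += (uint16_t)~(from >> 16) + (uint32_t)(uint16_t)~from;
    sum += (to >> 16) + (to & 0xffff);
    return (uint16_t)~fold(sum);
}

/* UDP covers the addresses via its pseudo-header; 0 = "none", computed 0 -> 0xffff. */
uint16_t udp_csum_replace32(uint16_t hc, uint32_t from, uint32_t to)
{
    uint16_t n = csum_replace32(hc, from, to);
    return hc == 0 ? 0 : (n ? n : 0xffff);
}

/* Rewrite the source address of an IPv4 header and patch its checksum. */
void rewrite_saddr(uint8_t *ip, uint32_t to)
{
    uint32_t from = ((uint32_t)ip[12] << 24) | (ip[13] << 16) | (ip[14] << 8) | ip[15];
    uint16_t hc = csum_replace32((uint16_t)((ip[10] << 8) | ip[11]), from, to);
    ip[10] = (uint8_t)(hc >> 8);
    ip[11] = (uint8_t)hc;
    for (int i = 0; i < 4; i++)
        ip[12 + i] = (uint8_t)(to >> (24 - 8 * i));
}
```

The header in the trace verifies as captured, so any checksum damage would have to be introduced by the rewrite step; a rewritten packet can be checked the same way by running `inet_csum` over its header and expecting 0.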