From: John M Flinchbaugh <glynis@butterfly.hjsoft.com>
To: Dan Broscoi <brosky@bronet.ro>
Cc: linux-kernel@vger.kernel.org, rusty@rustcorp.com.au
Subject: Re: still having smp/snat problems (Re: Linux 2.4.19-rc3)
Date: Mon, 10 Mar 2003 10:03:06 -0500 [thread overview]
Message-ID: <20030310150306.GA8145@butterfly.hjsoft.com> (raw)
In-Reply-To: <002201c2e6e8$ee071d40$0201a8c0@intranet>
[-- Attachment #1: Type: text/plain, Size: 1410 bytes --]
On Mon, Mar 10, 2003 at 11:39:21AM +0200, Dan Broscoi wrote:
> i'm writing you after reading your post on
http://hypermail.idiosynkrasia.net/linux-kernel/archived/2002/week28/142
9.html
> I have the same problem, compiling a 2.4.20 kernel on Debian 3.0
> Do you know the fix for this ?
no one could really offer any help in the end. i think having the
multiple snat rules matching on all interfaces may have been
triggering a race in the conntrack code. i should probably resubmit
my findings.
anyway, limitting the rules by matching them only to their appropriate
interfaces seemed to alleviate the problem.
so now i use something similar to this:
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 \
-j SNAT --to 10.1.1.15
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 \
-j SNAT --to 192.168.1.1
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.2.0/24 \
-j SNAT --to 192.168.2.1
---
note the -o interface rules. this keeps it from applying more than
one snat rule to a packet. it only applies them to the packet going
out the proper interface.
ps. i'm actually going to bounce this to the kernel list again to see
if i can stir up any more noise on this one.
--
____________________}John Flinchbaugh{______________________
| glynis@hjsoft.com http://www.hjsoft.com/~glynis/ |
~~Powered by Linux: Reboots are for hardware upgrades only~~
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
next parent reply other threads:[~2003-03-10 15:09 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <002201c2e6e8$ee071d40$0201a8c0@intranet>
2003-03-10 15:03 ` John M Flinchbaugh [this message]
2002-07-20 0:20 Linux 2.4.19-rc3 Marcelo Tosatti
2002-07-20 4:17 ` still having smp/snat problems (Re: Linux 2.4.19-rc3) glynis
2002-07-20 9:51 ` Martin Josefsson
2002-07-22 1:43 ` Rusty Russell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030310150306.GA8145@butterfly.hjsoft.com \
--to=glynis@butterfly.hjsoft.com \
--cc=brosky@bronet.ro \
--cc=linux-kernel@vger.kernel.org \
--cc=rusty@rustcorp.com.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox