From: Patrick McHardy <kaber@trash.net>
To: miklautz@inqnet.at
Cc: linux-net@vger.kernel.org, Linux Netdev List <netdev@vger.kernel.org>
Subject: Re: Veth problems with bridge
Date: Tue, 03 Jun 2008 18:17:29 +0200 [thread overview]
Message-ID: <48456E99.4080803@trash.net> (raw)
In-Reply-To: <4845621E.6080104@inqnet.at>
Bernhard Miklautz wrote:
> Hi Patrick,
>
> Patrick McHardy wrote:
>> Bernhard Miklautz wrote:
>>> [...]
>>> I also tried the whole setup without using veth; the IP directly bound
>>> to br0, as well as without the bridge at all. No problems with that.
>>> So there might be some problems with veth?
>> Does "echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables" fix it?
>
> On my hardware machine this seems to fix the problem :). But why does
> bridge-nf-call-iptables influent source nat on an other interface? -
> Shouldn't the source address always be translated when an output
> interface is set (iptables -A POSTROUTING -o eth3 -t nat -j MASQUERADE)?
The bridging code passes packets through IPv4 netfilter and
connection tracking, so when they hit your MASQUERADE rule,
the NAT mappings have already been set up.
Its a really bad default, but I feel uneasy changing it since
I'm sure some people are relying on it.
next prev parent reply other threads:[~2008-06-03 16:17 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <4845475A.7020207@inqnet.at>
2008-06-03 14:16 ` Veth problems with bridge Patrick McHardy
2008-06-03 15:24 ` Bernhard Miklautz
2008-06-03 16:17 ` Patrick McHardy [this message]
2008-06-04 13:38 ` Bernhard Miklautz
2008-06-04 13:42 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48456E99.4080803@trash.net \
--to=kaber@trash.net \
--cc=linux-net@vger.kernel.org \
--cc=miklautz@inqnet.at \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).