[iptables PATCH] extensions: man: Add a note about route_localnet sysctl

[iptables PATCH] extensions: man: Add a note about route_localnet sysctl

[Łukasz Stelmach]

See ip_route_input_slow() in net/ipv4/route.c in the Linux
kernel sources.

Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
---
 extensions/libxt_DNAT.man | 4 ++++
 1 file changed, 4 insertions(+)

diff --git extensions/libxt_DNAT.man extensions/libxt_DNAT.man
index 090ecb42..cbfa5478 100644
--- extensions/libxt_DNAT.man
+++ extensions/libxt_DNAT.man
@@ -23,6 +23,10 @@ its value is used as offset into the mapping port range. This allows one to crea
 shifted portmap ranges and is available since kernel version 4.18.
 For a single port or \fIbaseport\fP, a service name as listed in
 \fB/etc/services\fP may be used.
+If \fIipaddr\fP is an IPv4 loopback address (i.e. 127.0.0.0/8) the
+"net.ipv4.conf.*.route_localnet" sysctl for the input interface needs
+to be set to 1. Otherwise packets will be dropped by the routing code
+as "martians".
 .TP
 \fB\-\-random\fP
 Randomize source port mapping (kernel >= 2.6.22).
-- 
2.39.5

Re: [iptables PATCH] extensions: man: Add a note about route_localnet sysctl

[Florian Westphal]

Łukasz Stelmach <l.stelmach@samsung.com> wrote:
> See ip_route_input_slow() in net/ipv4/route.c in the Linux
> kernel sources.

Applied.