From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
To: netfilter@vger.kernel.org
Subject: Re: NAT for locahost to IP LAN for mail services
Date: Sat, 29 Nov 2008 11:30:00 +0100 [thread overview]
Message-ID: <493119A8.6060202@plouf.fr.eu.org> (raw)
In-Reply-To: <98028b00811282006r3dff45a9v7d52ec67077c7109@mail.gmail.com>
Zagato a écrit :
> Hi.. thanks for the answer... but i really sure that my old rules
> works fine on centos 4.2, when i upgrade to 5.2 psql -h localhost -p
> 5432 test have the same symptomatic, maybe a kernel module that i need
> to modoprobe ? what chage that my old rules doesn't work anymore... ?
>
> Centos 5.2 kernel: 2.6.18-92.el5
According to a quick search it seems that Centos 4.2 included a kernel
2.6.9. In kernels before 2.6.11, the DNAT target in the OUTPUT chain
used to change the source address to reflect the new output interface.
This is not true for newer 2.6 kernels due to a change in kernel 2.6.11.
From <http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11> :
========================================================================
[PATCH] Remove do_extra_mangle: double NAT on LOCAL_OUT
On NF_IP_LOCAL_OUT, when destination NAT changes the destination
interface, we also change the source address, so the packet is the
same as if it were generated to go that way in the first place. This
is not strictly necessary, I believe.
This patch rips that code out to see what breaks.
========================================================================
(Well, you can see what breaks)
next prev parent reply other threads:[~2008-11-29 10:30 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <98028b00811271443g51a06f71y14b605b9a8b7638f@mail.gmail.com>
2008-11-27 22:46 ` NAT for locahost to IP LAN for mail services Zagato
2008-11-27 23:42 ` Pascal Hambourg
2008-11-28 0:27 ` Zagato
2008-11-28 11:23 ` Pascal Hambourg
2008-11-29 4:06 ` Zagato
2008-11-29 10:30 ` Pascal Hambourg [this message]
2008-11-29 15:41 ` Zagato
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=493119A8.6060202@plouf.fr.eu.org \
--to=pascal.mail@plouf.fr.eu.org \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox