checksum issue with xtables-addons RAWNAT

checksum issue with xtables-addons RAWNAT

[Randy Thornton]

I'm trying to use RAWSNAT and RAWDNAT commands to route traffic through a proxy.  It works correctly for IPV4 traffic, but fails on IPV6 traffic.  The IP addresses are modified correctly, but the IP checksum is incorrect and the destination refuses the packets.

Command that redirects the outgoing packets:
ip6tables -t raw -A OUTPUT  -p tcp -d fd00:192:168:200::100 --dport 80  -j RAWDNAT --to-destination fd00:172:168:0::11

I'm running xtables-addons-1.47.1 on Centos 6 with the latest kernel 2.6.32-431.3.1.el6.x86_64.

Has anyone used these commands successfully with IPV6 connections?  
Has this been fixed in a later release of xtables-addons?  If so, can anyone point me to the fix?

Randy Thornton
Circadence
randy@circadence.com

Re: checksum issue with xtables-addons RAWNAT

[Mart Frauenlob]

On 06.02.2014 17:31, Randy Thornton wrote:
>
> I'm trying to use RAWSNAT and RAWDNAT commands to route traffic through a proxy.  It works correctly for IPV4 traffic, but fails on IPV6 traffic.  The IP addresses are modified correctly, but the IP checksum is incorrect and the destination refuses the packets.
>
> Command that redirects the outgoing packets:
> ip6tables -t raw -A OUTPUT  -p tcp -d fd00:192:168:200::100 --dport 80  -j RAWDNAT --to-destination fd00:172:168:0::11
>
> I'm running xtables-addons-1.47.1 on Centos 6 with the latest kernel 2.6.32-431.3.1.el6.x86_64.
>
> Has anyone used these commands successfully with IPV6 connections?
> Has this been fixed in a later release of xtables-addons?  If so, can anyone point me to the fix?

Afaik, RAW[DS]NAT has been removed from latest xta.

Best regards
Mart