lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 21 May 2007 13:13:43 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	netdev@...r.kernel.org
Cc:	Patrick McHardy <kaber@...sh.net>,
	"bugme-daemon@...nel-bugs.osdl.org" 
	<bugme-daemon@...zilla.kernel.org>, elendil@...net.nl
Subject: Re: [Bugme-new] [Bug 8519] New: NAT prerouting over tun interface
 broken

On Mon, 21 May 2007 13:05:36 -0700
bugme-daemon@...zilla.kernel.org wrote:

> http://bugzilla.kernel.org/show_bug.cgi?id=8519
> 
>            Summary: NAT prerouting over tun interface broken
>     Kernel Version: 2.6.21.1
>             Status: NEW
>           Severity: normal
>              Owner: networking_netfilter-iptables@...nel-bugs.osdl.org
>          Submitter: elendil@...net.nl
> 
> 
> Most recent kernel where this bug did *NOT* occur: 2.6.20.7
> Distribution: Debian unstable
> Hardware Environment: EM64T (Pentium D) running amd64 kernel
> Software Environment: Debian unstable
> 
> Problem Description:
> I have the hercules s/390 emulator running on an EM64T host, both running 
> Debian unstable. I use a tun interface, a second IP address on eth0 and 
> iptables/nat so the emulator has it's own address on my local network.
> 
> With 2.6.21.1 on the host, networking between the emulator and the host system 
> is fine (I can ssh from the host into the emulator without problems), but 
> communication from the emulator with other boxes is broken. Other boxes also 
> don't see the emulator if I ping its external address.
> 
> If I ping another box on my LAN from the emulator while running wireshark on 
> the host, I can see that:
> - the echo request gets sent OK
> - the other box replies OK
> - the host receives the echo reply
> - but the tun interface never gets it.
> 
> If I boot the host with 2.6.20 everything works fine again.
> 
> Here is how the setup looks:
>         |---------------- host system --------------------|
>                                            |-- emulator --|
>             eth0              tun              ctc0
>  LAN  <---> 10.19.66.21   
>  LAN  <---> 10.19.66.92 <---> 10.19.92.2 <---> 10.19.92.1
>                          nat              P2P
> 
> The only active iptables rules are:
> iptables -t nat -A PREROUTING -d 10.19.66.92 \
>          -j DNAT --to-destination 10.19.92.1
> iptables -t nat -A POSTROUTING -s 10.19.92.1 \
>          -j SNAT --to-source 10.19.66.92
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists