Date: Mon, 21 May 2007 13:13:43 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: netdev@...r.kernel.org
Cc: Patrick McHardy <kaber@...sh.net>,
    "bugme-daemon@...nel-bugs.osdl.org" <bugme-daemon@...zilla.kernel.org>,
    elendil@...net.nl
Subject: Re: [Bugme-new] [Bug 8519] New: NAT prerouting over tun interface broken

On Mon, 21 May 2007 13:05:36 -0700 bugme-daemon@...zilla.kernel.org wrote:

> http://bugzilla.kernel.org/show_bug.cgi?id=8519
>
>            Summary: NAT prerouting over tun interface broken
>     Kernel Version: 2.6.21.1
>             Status: NEW
>           Severity: normal
>              Owner: networking_netfilter-iptables@...nel-bugs.osdl.org
>          Submitter: elendil@...net.nl
>
>
> Most recent kernel where this bug did *NOT* occur: 2.6.20.7
> Distribution: Debian unstable
> Hardware Environment: EM64T (Pentium D) running amd64 kernel
> Software Environment: Debian unstable
>
> Problem Description:
> I have the hercules s/390 emulator running on an EM64T host, both running
> Debian unstable. I use a tun interface, a second IP address on eth0 and
> iptables/nat so the emulator has its own address on my local network.
>
> With 2.6.21.1 on the host, networking between the emulator and the host system
> is fine (I can ssh from the host into the emulator without problems), but
> communication from the emulator with other boxes is broken. Other boxes also
> don't see the emulator if I ping its external address.
>
> If I ping another box on my LAN from the emulator while running wireshark on
> the host, I can see that:
> - the echo request gets sent OK
> - the other box replies OK
> - the host receives the echo reply
> - but the tun interface never gets it.
>
> If I boot the host with 2.6.20 everything works fine again.
>
> Here is how the setup looks:
> |----------- host system ------------|
>                                        |-- emulator --|
>           eth0              tun              ctc0
> LAN <---> 10.19.66.21
> LAN <---> 10.19.66.92 <---> 10.19.92.2 <---> 10.19.92.1
>                        nat              P2P
>
> The only active iptables rules are:
>   iptables -t nat -A PREROUTING -d 10.19.66.92 \
>         -j DNAT --to-destination 10.19.92.1
>   iptables -t nat -A POSTROUTING -s 10.19.92.1 \
>         -j SNAT --to-source 10.19.66.92