Message-ID: <45CA09F2.6050700@trash.net>
Date:	Wed, 07 Feb 2007 18:18:42 +0100
From:	Patrick McHardy <kaber@...sh.net>
To:	Ingo Oeser <netdev@...eo.de>
CC:	netdev@...r.kernel.org
Subject: Re: Funny Routing change since 2.6.16.x

Ingo Oeser wrote:
> Patrick McHardy wrote:
> 
>>My guess is that you're using MASQUERADE on ppp0, which since 2.6.14
>>doesn't exclude locally generated packets anymore, so it translates
>>them to the primary ppp0 address. For replies it works because NAT
>>is already set up for the incoming packet, without masquerading.
> 
> 
> Your guess is right! Thanks for that hint. Do you have any idea how to
> restore the old behavior? 
> 
> I have to, because the ISP cannot assign a different local address
> and have problems with the new behavior, because that IP address is an MX entry
> and the VPN gateway address for several third party vendor tunnels. 
> So changing that is quite an effort.


Since these packets already have the proper source address chosen
by routing, there is no need to NAT them anymore. So the easiest
fix is to exclude them manually from masquerading based on the
address.
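
An added example, not part of the original message: a POSIX shell function that emits `iptables-restore` input in which packets already carrying one of the listed source addresses are accepted untranslated ahead of the MASQUERADE rule on ppp0. The function names and the two documentation-range addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and sample addresses are assumptions.
# Emits iptables-restore input: ACCEPT (no NAT) for the listed source
# addresses, then MASQUERADE for everything else leaving the WAN interface.

# is_ipv4 ADDR: succeed only for a dotted-quad IPv4 address.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots (input is digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_nat_rules WAN_IF ADDR...: print the nat table on stdout.
gen_nat_rules() {
    wan_if=$1
    [ "$#" -ge 2 ] || { echo "usage: gen_nat_rules IF ADDR..." >&2; return 2; }
    shift
    # Refuse interface names that could smuggle extra rule text.
    case "$wan_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $wan_if" >&2; return 2 ;;
    esac
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    echo "*nat"
    echo ":POSTROUTING ACCEPT [0:0]"
    for addr in "$@"; do
        # Source address already chosen by routing: skip NAT for it.
        echo "-A POSTROUTING -o $wan_if -s $addr -j ACCEPT"
    done
    # Rule order matters: the exclusions must precede MASQUERADE.
    echo "-A POSTROUTING -o $wan_if -j MASQUERADE"
    echo "COMMIT"
}

# Constructed sample run: ppp0 with two placeholder addresses to exclude.
gen_nat_rules ppp0 192.0.2.10 198.51.100.7
```

Loading this output with `iptables-restore` without `--noflush` replaces the existing nat table, so on a host with other nat rules the exclusion lines should be merged into the existing ruleset ahead of its MASQUERADE rule.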