| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 07 Feb 2007 18:18:42 +0100 From: Patrick McHardy <kaber@...sh.net> To: Ingo Oeser <netdev@...eo.de> CC: netdev@...r.kernel.org Subject: Re: Funny Routing change since 2.6.16.x Ingo Oeser wrote: > Patrick McHardy schrieb: > >>My guess is that you're using MASQUERADE on ppp0, which since 2.6.14 >>doesn't exclude locally generated packets anymore, so it translates >>them to the primary ppp0 address. For replies it works because NAT >>is already set up for the incoming packet, without masquerading. > > > Your guess is right! Thanks for that hint. Do you have any idea, how to > restore the old behavior? > > I have to, because the ISP cannot assign a different local address > and have problems with the new behavior, because that IP adress is an MX entry > and the VPN gateway address for several third party vendor tunnels. > So changing that is quite an effort. Since these packets already have the proper source address chosen by routing, there is no need to NAT them anymore. So the easiest fix is to exclude them manually from masquerading based on the address. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists