lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <200702081652.31527.netdev@axxeo.de>
Date:	Thu, 8 Feb 2007 16:52:31 +0100
From:	Ingo Oeser <netdev@...eo.de>
To:	Patrick McHardy <kaber@...sh.net>
Cc:	netdev@...r.kernel.org
Subject: Re: Funny Routing change since 2.6.16.x

Hi Patrick,

Patrick McHardy schrieb:
> Ingo Oeser wrote:
> > Patrick McHardy schrieb:
> > 
> >>My guess is that you're using MASQUERADE on ppp0, which since 2.6.14
> >>doesn't exclude locally generated packets anymore, so it translates
> >>them to the primary ppp0 address. For replies it works because NAT
> >>is already set up for the incoming packet, without masquerading.
> > 
> > 
> > Your guess is right! Thanks for that hint. Do you have any idea, how to
> > restore the old behavior? 
> > 
> > I have to, because the ISP cannot assign a different local address
> > and have problems with the new behavior, because that IP adress is an MX entry
> > and the VPN gateway address for several third party vendor tunnels. 
> > So changing that is quite an effort.
> 
> 
> Since these packets already have the proper source address chosen
> by routing, there is no need to NAT them anymore. So the easiest
> fix is to exclude them manually from masquerading based on the
> address.

Just did that (iptables -t nat -I POSTROUTING -s $SRCADDR -o ppp0 -j ACCEPT)
and it works without any problems.

Many thanks for your very fast help! I'm very happy now :-)

Do you know any good place, where this can be documented?


Best regards

Ingo Oeser
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ