| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f4845fc0809180138x1eb793ebq153a54c46373bd90@mail.gmail.com> Date: Thu, 18 Sep 2008 10:38:31 +0200 From: "Julius Volz" <juliusv@...gle.com> To: "Joseph Mack NA3T" <jmack@...d.net> Cc: "Simon Horman" <horms@...ge.net.au>, lvs-devel@...r.kernel.org, netdev@...r.kernel.org, j.stubbs@...kthink.co.jp, "Siim Põder" <siim@...rad-teel.net>, "Vince Busam" <vbusam@...gle.com> Subject: Re: Adding SNAT support to LVS/NAT On Thu, Sep 18, 2008 at 12:53 AM, Joseph Mack NA3T <jmack@...d.net> wrote: > On Tue, 16 Sep 2008, Julius Volz wrote: > >> Amazingly, the first SYN and the SYN/ACK of a TCP connection to the >> VIP:vport do not traverse the NAT chain in POSTROUTING at all > > :-( > >> (verified by LOG target), > > you didn't see the packets in the logs? Exactly. No matter what I do, only the ACK in response to the SYN/ACK appears in the logs. With SNAT without IPVS, the SYN packet correctly enters the chain/table. I haven't found anything in the IPVS or Netfilter code yet that could cause this problem... Julius -- Julius Volz - Corporate Operations - SysOps Google Switzerland GmbH - Identification No.: CH-020.4.028.116-1 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists