bugzilla-daemon@netfilter.org
2003-Feb-19 03:35 UTC
[Bug 52] masquerading not working with iproute2
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=52 ------- Additional Comments From stewart@gammasolutions.com 2003-02-19 04:02 ------- Created an attachment (id=3) routing setup ------- Additional Comments From stewart@gammasolutions.com 2003-02-19 04:03 ------- Created an attachment (id=4) iptables script (for iptables-restore) ------- Additional Comments From stewart@gammasolutions.com 2003-02-19 04:35 ------- using tcpdump, i found the following: on Omega (the machine with iproute2 enable) the packets come out on the wire without their address rewritten (i.e. it says 192.168.0.18 instead of the external address) on delta, it comes out on the wire with the address rewritten (i.e. correct). ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@netfilter.org
2003-Feb-22 11:37 UTC
[Bug 52] masquerading not working with iproute2
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=52 ------- Additional Comments From kaber@trash.net 2003-02-22 12:37 ------- Perhaps you wish to attach the correct scripts ? from first one: IF1=eth0 IF2=eth2 second one: [0:0] -A POSTROUTING -d 203.1.223.9 -o eth1 -j MASQUERADE [0:0] -A POSTROUTING -d www.apple.com -o eth1 -j MASQUERADE ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@netfilter.org
2003-Feb-25 23:44 UTC
[Bug 52] masquerading not working with iproute2
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=52 ------- Additional Comments From stewart@gammasolutions.com 2003-02-26 00:44 ------- these are actually the correct scripts. There are 3 ethernet interfaces eth0 - internet connection to (more) expensive ISP that does our hosting eth1 - intranet connection (local LAN) eth2 - internet connection to (less) expensive ISP that we use for web browsing etc because it's cheaper. the aim is to make sure all the connections that come in on eth0 are serviced through eth0 (i.e. all the hosting) and all new connections go through eth2. there is no global NAT thing going on as I am forcing everyone to use the proxy. There is, however, one app that we use that does neet to have NAT to the one IP. This is what i'm trying to get going. ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@netfilter.org
2003-Feb-26 17:11 UTC
[Bug 52] masquerading not working with iproute2
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=52 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|blocker |minor Status|NEW |RESOLVED Resolution| |LATER ------- Additional Comments From laforge@netfilter.org 2003-02-26 18:11 ------- Why are you so sure this is a bug? Did you ask at the LARTC mailinglist, lots of people should have similar setups. Maybe it's just a misconfiguration issue? And even if, how can this be of priority 'blocker'? It is not security relevant at all. A particular feature [that I think is used very often] seems not to work in a very special setup. This is certainly no justification for 'blocker'. Please go discuss this setup at the LARTC (www.lartc.org) mailinglist and confirm that there really is a bug. From what I understood, this scenario should be possible, maybe with different configuration. We should make sure that only bugs show up in bugzilla _after_ it is assured that there is no way to configure a particular (supposed to be working) feature. ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
bugzilla-daemon@netfilter.org
2003-Feb-26 23:44 UTC
[Bug 52] masquerading not working with iproute2
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=52 ------- Additional Comments From stewart@gammasolutions.com 2003-02-27 00:44 ------- reported as bug as exact NAT script works without the IProute2 stuff on another bo x. Theory being that these shouldn't be that intertwined and should be able to be configured seperately (which doesn't seem to be the case on my setup, as it doesn't work). 'Blocker' becasue there isn't actually anything happenning that would be considered correct, so it's blocking me doing anything. didn't know about the list, am subscribing now and will forward basically the text of this bug to it. I at least think that there should be some kind of bug reported if the (logical to me at least) way of doing this doesn't work at all. ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.