Hi We have applied the routing patches from http://www.ssi.bg/%7Eja/#routes. To 2.6.15 this seems to have broken our output natting. Has anyone else experienced this or any advice on how to fix. Is this working on the newer kernel i.e. 2.6.19 ? Any help would be appreciated. -- Tim Haak email: tim@haak.co.uk cel: 0837787100 First love is only a little foolishness and a lot of curiosity, no really self-respecting woman would take advantage of it. -- George Bernard Shaw, "John Bull''s Other Island" _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Hi We have applied the routing patches from http://www.ssi.bg/%7Eja/#routes. To 2.6.15 this seems to have broken our output natting. Has anyone else experienced this or any advice on how to fix. Is this working on the newer kernel i.e. 2.6.19 ? Any help would be appreciated. -- Tim Haak _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Hello, On Tue, 23 Jan 2007, Tim Haak wrote:> We have applied the routing patches from > http://www.ssi.bg/%7Eja/#routes. To 2.6.15 this seems to have broken our > output natting. Has anyone else experienced this or any advice on how to > fix. Is this working on the newer kernel i.e. 2.6.19 ? Any help would be > appreciated.Month ago Bart Duchesne found a problem with the routes patch for 2.6 where reply packet for -j DNAT connections initiated in OUTPUT are dropped in pre-routing. I now updated the patches and if you have the same problem you can try the new diffs from today, eg. http://www.ssi.bg/~ja/routes-2.6.19-13.diff The fix for old patches is to remove the following extra check (2 lines from net/ipv4/route.c) which obviously aborts ip_route_input() with EINVAL for RTN_LOCAL when replies from remote host are destined to our local IP: + if (lsrc && res.type != RTN_UNICAST && res.type != RTN_NAT) + goto e_inval; Regards -- Julian Anastasov <ja@ssi.bg>
Hi thanks for the quick response that seemed to work :) Tim Haak email: tim@haak.co.uk cel: 0837787100 The executioner is, I hear, very expert, and my neck is very slender. -- Anne Boleyn Julian Anastasov wrote:> Hello, > > On Tue, 23 Jan 2007, Tim Haak wrote: > > >> We have applied the routing patches from >> http://www.ssi.bg/%7Eja/#routes. To 2.6.15 this seems to have broken our >> output natting. Has anyone else experienced this or any advice on how to >> fix. Is this working on the newer kernel i.e. 2.6.19 ? Any help would be >> appreciated. >> > > Month ago Bart Duchesne found a problem with the > routes patch for 2.6 where reply packet for -j DNAT connections initiated > in OUTPUT are dropped in pre-routing. I now updated the patches and if you > have the same problem you can try the new diffs from today, eg. > > http://www.ssi.bg/~ja/routes-2.6.19-13.diff > > The fix for old patches is to remove the following extra check > (2 lines from net/ipv4/route.c) which obviously aborts ip_route_input() > with EINVAL for RTN_LOCAL when replies from remote host are destined to > our local IP: > > + if (lsrc && res.type != RTN_UNICAST && res.type != RTN_NAT) > + goto e_inval; > > Regards > > -- > Julian Anastasov <ja@ssi.bg> > >_______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc