bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-21 20:06 UTC
[Bug 452] DNAT to internal network don't work with source routing and 2 uplinks
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=452

------- Additional Comments From mzurakowski-bin@data.pl 2006-02-21 20:06 MET -------
In ip route add .../29 it should be /24 of course.

I think that source routing is set up correctly: I can ping/connect to my router through both interfaces from outside no matter how I set up default routing on it.

Marcin Z

--
Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-22 01:01 UTC
[Bug 452] DNAT to internal network don't work with source routing and 2 uplinks
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=452

------- Additional Comments From kaber@trash.net 2006-02-22 01:01 MET -------
/sbin/ip rule add from 10.0.0.1 table TABLE1
/sbin/ip rule add from 10.0.1.1 table TABLE2

This only catches locally generated packets. Where are your routes to and from 10.0.2.0/24?
bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-22 08:38 UTC
[Bug 452] DNAT to internal network don't work with source routing and 2 uplinks
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=452

------- Additional Comments From mzurakowski-bin@data.pl 2006-02-22 08:38 MET -------
Source routing was set up according to Linux Advanced Routing & Traffic Control HOWTO <http://lartc.org/howto/lartc.rpdb.multiple-links.html> - 4.2.1

To my internal network there is standard routing added by ifup scripts.

...
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth2
...
bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-22 08:39 UTC
[Bug 452] DNAT to internal network don't work with source routing and 2 uplinks
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=452

------- Additional Comments From kaber@trash.net 2006-02-22 08:39 MET -------
Please post all your routing rules and routes.
bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-22 09:44 UTC
[Bug 452] DNAT to internal network don't work with source routing and 2 uplinks
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=452

------- Additional Comments From mzurakowski-bin@data.pl 2006-02-22 09:44 MET -------
gw:/home/marcin# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:B5:A3:B8
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feb5:a3b8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5411985 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5051983 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1726010421 (1.6 GiB)  TX bytes:3518191111 (3.2 GiB)

eth1      Link encap:Ethernet  HWaddr 00:0C:29:B5:A3:C2
          inet addr:10.0.1.1  Bcast:10.0.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feb5:a3c2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3776297 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3737309 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2253271526 (2.0 GiB)  TX bytes:1358136401 (1.2 GiB)
          Interrupt:217 Base address:0xd400

eth2      Link encap:Ethernet  HWaddr 00:0C:29:B5:A3:CC
          inet addr:10.0.2.1  Bcast:10.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feb5:a3cc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2005907 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1960342 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1559244740 (1.4 GiB)  TX bytes:1308894121 (1.2 GiB)
          Interrupt:201 Base address:0xd800

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

gw:/home/marcin# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth2
0.0.0.0         10.0.0.2        0.0.0.0         UG    0      0        0 eth0
0.0.0.0         10.0.1.2        0.0.0.0         UG    5      0        0 eth1

gw:/home/marcin# ip rule list
0:      from all lookup local
32760:  from 10.0.1.1 lookup TABLE2
32761:  from 10.0.0.1 lookup TABLE1
32766:  from all lookup main
32767:  from all lookup default

gw:/home/marcin# ip route list table local
broadcast 127.255.255.255 dev lo  proto kernel  scope link  src 127.0.0.1
local 10.0.0.1 dev eth0  proto kernel  scope host  src 10.0.0.1
local 10.0.2.1 dev eth2  proto kernel  scope host  src 10.0.2.1
broadcast 10.0.0.0 dev eth0  proto kernel  scope link  src 10.0.0.1
broadcast 10.0.2.0 dev eth2  proto kernel  scope link  src 10.0.2.1
broadcast 10.0.1.255 dev eth1  proto kernel  scope link  src 10.0.1.1
local 10.0.1.1 dev eth1  proto kernel  scope host  src 10.0.1.1
broadcast 10.0.1.0 dev eth1  proto kernel  scope link  src 10.0.1.1
broadcast 10.0.0.255 dev eth0  proto kernel  scope link  src 10.0.0.1
broadcast 10.0.2.255 dev eth2  proto kernel  scope link  src 10.0.2.1
broadcast 127.0.0.0 dev lo  proto kernel  scope link  src 127.0.0.1
local 127.0.0.1 dev lo  proto kernel  scope host  src 127.0.0.1
local 127.0.0.0/8 dev lo  proto kernel  scope host  src 127.0.0.1

gw:/home/marcin# ip route list table TABLE1
10.0.0.0/24 dev eth0  scope link  src 10.0.0.1
default via 10.0.0.2 dev eth0

gw:/home/marcin# ip route list table TABLE2
10.0.1.0/24 dev eth1  scope link  src 10.0.1.1
default via 10.0.1.2 dev eth1

gw:/home/marcin# ip route list table main
10.0.0.0/24 dev eth0  proto kernel  scope link  src 10.0.0.1
10.0.1.0/24 dev eth1  proto kernel  scope link  src 10.0.1.1
10.0.2.0/24 dev eth2  proto kernel  scope link  src 10.0.2.1
default via 10.0.0.2 dev eth0
default via 10.0.1.2 dev eth1  metric 5

gw:/home/marcin# ip route list table default
gw:/home/marcin#
bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-23 03:35 UTC
[Bug 452] DNAT to internal network don't work with source routing and 2 uplinks
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=452

kaber@trash.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID

------- Additional Comments From kaber@trash.net 2006-02-23 03:35 MET -------
Your routing rules only cover locally generated packets, other packets will always take the default route. There's probably no problem with the SYN packet, but with the SYN/ACKs in reply direction. This is not a netfilter bug but a configuration mistake.
bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-23 08:54 UTC
[Bug 452] DNAT to internal network don't work with source routing and 2 uplinks
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=452

------- Additional Comments From mzurakowski-bin@data.pl 2006-02-23 08:54 MET -------
This SYN packet never comes out from the eth2 device (I've checked using tcpdump) and never reaches the FORWARD chain in the filter table, and there is no trace in ip_conntrack. It looks like netfilter is not able to do the DNAT action because the packet arrives from an interface which is not the default route.

Is there any detailed documentation which describes the algorithm of the DNAT action?
bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-23 10:18 UTC
[Bug 452] DNAT to internal network don't work with source routing and 2 uplinks
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=452

------- Additional Comments From kaber@trash.net 2006-02-23 10:18 MET -------
You probably also have rp_filters enabled, which is why the packet is dropped at routing. All this has nothing to do with NAT.
bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-23 11:43 UTC
[Bug 452] DNAT to internal network don't work with source routing and 2 uplinks
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=452

------- Additional Comments From mzurakowski-bin@data.pl 2006-02-23 11:42 MET -------
You are right, this is a configuration issue, not a bug. Thank you for your help.
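
Added example, not part of the thread or of any netfilter code: a simplified Python model of the policy-routing lookup, loaded with the rules and routes posted above. It shows why traffic addressed to the router itself passes a strict reverse-path check on eth1 while DNATed traffic does not, and why replies from 10.0.2.0/24 leave via eth0. The client address 192.0.2.50 and the DNAT target 10.0.2.10 are constructed, and strict rp_filter is assumed, as the reply above suggests.

```python
import ipaddress

# Rules and tables copied from the `ip rule list` / `ip route list` output in
# the thread. The local table is omitted: the model covers non-local routes only.
RULES = [  # (priority, source selector or None for "from all", table)
    (32760, "10.0.1.1", "TABLE2"),
    (32761, "10.0.0.1", "TABLE1"),
    (32766, None, "main"),
]
TABLES = {  # table -> [(prefix, device, metric)]
    "TABLE1": [("10.0.0.0/24", "eth0", 0), ("0.0.0.0/0", "eth0", 0)],
    "TABLE2": [("10.0.1.0/24", "eth1", 0), ("0.0.0.0/0", "eth1", 0)],
    "main": [("10.0.0.0/24", "eth0", 0), ("10.0.1.0/24", "eth1", 0),
             ("10.0.2.0/24", "eth2", 0), ("0.0.0.0/0", "eth0", 0),
             ("0.0.0.0/0", "eth1", 5)],
}

def lookup(src, dst):
    """Return (table, device): first rule matching src whose table routes dst."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(RULES):
        if selector is not None and src_ip != ipaddress.ip_address(selector):
            continue
        matches = [(ipaddress.ip_network(prefix), dev, metric)
                   for prefix, dev, metric in TABLES[table]
                   if dst_ip in ipaddress.ip_network(prefix)]
        if matches:
            # Longest prefix wins, then the lowest metric.
            _net, dev, _metric = min(matches, key=lambda m: (-m[0].prefixlen, m[2]))
            return table, dev
    return None, None

def rp_filter_pass(src, dst, iif):
    """Strict reverse-path check: the route back to src must leave via iif.

    The reverse lookup uses the packet's destination as its source key. DNAT
    runs in PREROUTING, before routing, so dst is already the rewritten address.
    """
    _table, dev = lookup(dst, src)
    return dev == iif

CLIENT = "192.0.2.50"    # constructed external client (TEST-NET-1)
INTERNAL = "10.0.2.10"   # constructed DNAT target behind eth2

def diagnose():
    return {
        # Connection to the router's own address on the second uplink.
        "to_router_via_eth1": rp_filter_pass(CLIENT, "10.0.1.1", "eth1"),
        # Same client, but the destination was rewritten to the internal host.
        "dnat_via_eth1": rp_filter_pass(CLIENT, INTERNAL, "eth1"),
        "dnat_via_eth0": rp_filter_pass(CLIENT, INTERNAL, "eth0"),
        # Forwarded SYN/ACK from the internal host back to the client.
        "reply_route": lookup(INTERNAL, CLIENT),
    }

if __name__ == "__main__":
    for name, result in diagnose().items():
        print(f"{name}: {result}")
```
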