bugzilla-daemon at bugzilla.netfilter.org
2011-Dec-16 20:29 UTC
[Bug 680] Packets disappear after NAT on 2nd gateway
http://bugzilla.netfilter.org/show_bug.cgi?id=680

Willie <MidSpeck at hotmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |MidSpeck at hotmail.com

--- Comment #8 from Willie <MidSpeck at hotmail.com> 2011-12-16 21:29:19 ---
I would again double-check that rp_filter is disabled. Changes were made in
kernel version 2.6.31 regarding how rp_filter settings were calculated. That
seems right around the time you started seeing the issue in your tests.
Make sure you check default, all, and the specific interfaces under
/proc/sys/net/ipv4/
Set them all to 0 for testing.

I had a very similar issue as you (although my setup was much simpler: 1 DNAT
only, no CONNMARK) and some rp_filter changes fixed the problem for me.

--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
bugzilla-daemon at bugzilla.netfilter.org
2011-Dec-17 19:16 UTC
[Bug 680] Packets disappear after NAT on 2nd gateway
http://bugzilla.netfilter.org/show_bug.cgi?id=680

--- Comment #9 from Richard Lucassen <rl-20100926 at xaq.nl> 2011-12-17 20:16:37 ---
(In reply to comment #8)
> I would again double-check that rp_filter is disabled. Changes were made in
> kernel version 2.6.31 regarding how rp_filter settings were calculated. That
> seems right around the time you started seeing the issue in your tests.
> Make sure you check default, all, and the specific interfaces under
> /proc/sys/net/ipv4/
> Set them all to 0 for testing.
>
> I had a very similar issue as you (although my setup was much simpler: 1 DNAT
> only, no CONNMARK) and some rp_filter changes fixed the problem for me.

<copy of a reply that seems to have disappeared>

Indeed, on a 2.6.32.46 kernel, this did the job:

echo "0" > /proc/sys/net/ipv4/conf/all/rp_filter

I'll test this issue ASAP on other machines. On some of these other machines I
have similar problems sending 80/tcp traffic into another route table in order
to be able to do some transparent proxying. These packets disappear as well.

</copy of a reply that seems to have disappeared>

[follow up]

I tried another machine running kernel 2.6.38.8, having two internet
interfaces, one on eth5 (default gateway) and one on eth4. The trick with:

echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter

did not work, I needed to disable rp_filter on eth4 as well:

echo 0 > /proc/sys/net/ipv4/conf/eth4/rp_filter

Weird thing is that when I re-enable rp_filtering, things keep working for a
moment. This made me think of flushing the route cache and indeed:

ip route flush cache

made it stop again.

Finally I found out that setting the interface to "relaxed filtering" made
things work, not *disabling* filtering:

echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 2 > /proc/sys/net/ipv4/conf/eth4/rp_filter

Question remains why disabling rp_filter on eth4 does not work while setting
the device eth4 to "relaxed filtering" makes it work.

Anyone have thoughts on this?

R.
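
Added example, not part of the bug thread: the kernel's ip-sysctl documentation states that source validation on an interface uses the maximum of conf/all/rp_filter and conf/<interface>/rp_filter (0 = off, 1 = strict, 2 = loose), so a per-interface 0 has no effect while all is 1, whereas a per-interface 2 does. The script below reports that effective value per interface; the CONF_ROOT variable, the function names and the sample tree are assumptions of this example.

```shell
#!/bin/sh
# Report the rp_filter value the kernel applies per interface:
# effective = max(conf/all/rp_filter, conf/<iface>/rp_filter).
# CONF_ROOT is this example's own knob so it can run against a copy of /proc.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# effective_rp_filter IFACE [ROOT] -> prints 0 (off), 1 (strict) or 2 (loose)
effective_rp_filter() {
    root="${2:-$CONF_ROOT}"
    all=$(cat "$root/all/rp_filter") || return 1
    dev=$(cat "$root/$1/rp_filter") || return 1
    if [ "$all" -gt "$dev" ]; then echo "$all"; else echo "$dev"; fi
}

# rp_filter_report [ROOT] -> one line per real interface.
# "default" is skipped: it only seeds the value of interfaces created later.
rp_filter_report() {
    root="${1:-$CONF_ROOT}"
    for d in "$root"/*/; do
        ifc=$(basename "$d")
        case "$ifc" in all|default) continue ;; esac
        [ -r "$d/rp_filter" ] || continue
        printf '%s all=%s dev=%s effective=%s\n' "$ifc" \
            "$(cat "$root/all/rp_filter")" "$(cat "$d/rp_filter")" \
            "$(effective_rp_filter "$ifc" "$root")"
    done
}

# make_sample_tree DIR ALL ETH4 ETH5 -> constructed stand-in for the /proc tree
make_sample_tree() {
    for i in all default eth4 eth5; do mkdir -p "$1/$i"; done
    echo "$2" > "$1/all/rp_filter"
    echo 1    > "$1/default/rp_filter"
    echo "$3" > "$1/eth4/rp_filter"
    echo "$4" > "$1/eth5/rp_filter"
}

# Demo on constructed values (not taken from the reporter's machines).
demo=$(mktemp -d)
make_sample_tree "$demo" 0 1 1   # all=0 only: eth4 is still strict
rp_filter_report "$demo"
make_sample_tree "$demo" 1 0 1   # all=1, eth4=0: eth4 is still strict
rp_filter_report "$demo"
make_sample_tree "$demo" 1 2 1   # all=1, eth4=2: eth4 becomes loose
rp_filter_report "$demo"
rm -rf "$demo"
```

On a live gateway, call rp_filter_report with no argument to read /proc/sys/net/ipv4/conf directly.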