bugzilla-daemon at netfilter.org
2014-Jun-09 19:27 UTC
[Bug 958] New: MASQUERADE does not work on recent kernels
https://bugzilla.netfilter.org/show_bug.cgi?id=958
Summary: MASQUERADE does not work on recent kernels
Product: netfilter/iptables
Version: unspecified
Platform: x86_64
OS/Version: All
Status: NEW
Severity: major
Priority: P5
Component: NAT
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: hramrach at gmail.com
Estimated Hours: 0.0
On recent kernels MASQUERADE does not work.
Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1016739
Debian: upgraded from wheezy stable kernel (like 3.2) to 3.14 due to broken
network card driver for new hardware.
Now untranslated packets leak to the outside and doubly translated packets
occur (with both addresses internal - one of the router other of an internal
machine). This is shown by tcpdump on the router on internal and external
interface. Not sure how trustworthy the data is.
Some software - mostly VPN works. Most plain TCP software fails miserably.
Symptom: connection timed out or connection reset by peer. Using proxy sitting
on the router works.
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
bugzilla-daemon at netfilter.org
2014-Jun-09 20:31 UTC
[Bug 958] MASQUERADE does not work on recent kernels
https://bugzilla.netfilter.org/show_bug.cgi?id=958 --- Comment #1 from hramrach at gmail.com 2014-06-09 22:31:30 CEST --- This issue goes away when MTU on the new network card is set to 1500. Driver default seems to be 1000 and with this MTU value the masquerading breaks. -- Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
bugzilla-daemon at netfilter.org
2014-Jun-09 20:32 UTC
[Bug 958] MASQUERADE does not work on recent kernels
https://bugzilla.netfilter.org/show_bug.cgi?id=958
hramrach at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|major |normal
--
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
Reasonably Related Threads
- [Bug 1343] New: With iPv6 masquerade, ICMPv6 time-exceeded pkts are forwarded with bad checksum
- [Bug 1105] New: masquerade fully broken when no prerouting chain is created
- masquerade and mac problem
- Can't access remote workstations without MASQUERADE
- default route with two nexthops and MASQUERADE problem