bugzilla-daemon at netfilter.org
2014-Jun-09 19:27 UTC
[Bug 958] New: MASQUERADE does not work on recent kernels
https://bugzilla.netfilter.org/show_bug.cgi?id=958 Summary: MASQUERADE does not work on recent kernels Product: netfilter/iptables Version: unspecified Platform: x86_64 OS/Version: All Status: NEW Severity: major Priority: P5 Component: NAT AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: hramrach at gmail.com Estimated Hours: 0.0 On recent kernels MASQUERADE does not work. Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1016739 Debian: upgraded from wheezy stable kernel (like 3.2) to 3.14 due to broken network card driver for new hardware. Now untranslated packets leak to the outside and doubly translated packets occur (with both addresses internal - one of the router other of an internal machine). This is shown by tcpdump on the router on internal and external interface. Not sure how trustworthy the data is. Some software - mostly VPN works. Most plain TCP software fails miserably. Symptom: connection timed out or connection reset by peer. Using proxy sitting on the router works. -- Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
bugzilla-daemon at netfilter.org
2014-Jun-09 20:31 UTC
[Bug 958] MASQUERADE does not work on recent kernels
https://bugzilla.netfilter.org/show_bug.cgi?id=958 --- Comment #1 from hramrach at gmail.com 2014-06-09 22:31:30 CEST --- This issue goes away when MTU on the new network card is set to 1500. Driver default seems to be 1000 and with this MTU value the masquerading breaks. -- Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
bugzilla-daemon at netfilter.org
2014-Jun-09 20:32 UTC
[Bug 958] MASQUERADE does not work on recent kernels
https://bugzilla.netfilter.org/show_bug.cgi?id=958 hramrach at gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|major |normal -- Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
Maybe Matching Threads
- [Bug 1343] New: With iPv6 masquerade, ICMPv6 time-exceeded pkts are forwarded with bad checksum
- [Bug 1105] New: masquerade fully broken when no prerouting chain is created
- masquerade and mac problem
- Can't access remote workstations without MASQUERADE
- default route with two nexthops and MASQUERADE problem