Displaying 5 results from an estimated 5 matches for "nf_ip_local_in".
2006 Feb 06
1
[Bug 442] New: skb->data_len corrupted in NF_IP_LOCAL_OUT in mangle table
...below and starts to happen
in 2.6.14 all the way to 2.6.15.2 If you have a REDIRECT rule for squid like this:
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 172.16.1.5/32 -j REDIRECT
--to 3128
The skb->data_len and skb->len get messed up in mangle->NF_IP_LOCAL_OUT. The skb
is fine in NF_IP_LOCAL_IN. Values in the pre 2.6.14 kernels have 1500 or less
for the values as it should be. In 2.6.14+ it will be random high numbers like
23344. I'm looking into the patch for 2.6.14, but thought I would enlist your
help. To track this down I made a simple target that prink'd the value of those
va...
2006 Feb 07
4
[Bug 442] skb->data_len corrupted in NF_IP_LOCAL_OUT in mangle table
...2.6.14 all the way to 2.6.15.2 If you have a REDIRECT rule for squid like this:
>
> iptables -t nat -A PREROUTING -p tcp --dport 80 -s 172.16.1.5/32 -j REDIRECT
> --to 3128
>
> The skb->data_len and skb->len get messed up in mangle->NF_IP_LOCAL_OUT. The skb
> is fine in NF_IP_LOCAL_IN. Values in the pre 2.6.14 kernels have 1500 or less
> for the values as it should be. In 2.6.14+ it will be random high numbers like
> 23344. I'm looking into the patch for 2.6.14, but thought I would enlist your
> help. To track this down I made a simple target that prink'd the va...
2001 Feb 10
0
use of queueing disciplines in netfilter queues
...#39;'s
missing?
I''d like to use netfilter to queue packets and then connect that to
things like TBF. For instance, suppose we want to process the
incoming syn packets at a limited rate, and further, share that
service in a fair way. I''d like to intercept syn''s at NF_IP_LOCAL_IN,
put them on a SFQ queue, and extract them at a limited rate before
returning them with nf_reinject.
I hope that makes sense.
2004 Sep 04
4
masquerade and mac problem
Hello guys
I don''t know if this thing has been posted before (if it was , please forgive me).
I have 7 computers at home and I want all of them to have access to the internet. In order to do that , I set up a linux router (2 network cards) as a usual router (eth0 : 82.77.69.75 - internet connection ; eth1 : 192.168.10.1 - local network) . The other computers have ips ranging from
2003 Mar 30
10
[Bug 71] dnat breaks connection tracking?
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=71
------- Additional Comments From laforge@netfilter.org 2003-03-30 21:18 -------
First of all: You didn't even specify the particular kernel version you are
running, not even mentioning which versions of which patches you are using (if
any).
Secondly, I don't see anything strange in this setup. DNAT with FTP sessions