search for: post_routing

...ation problem, which occurs if the connection is initiated by a local process. I now further investigated the problem, it doesn't occur: * if the NAT box is a gateway, and the connection is initiated on another box. * if the connection is not initiated, but accepted As SNAT happens at NF_IP_POST_ROUTING, reply translation will be performed at NF_IP_PRE_ROUTING. The following DEBUG output shows what happens (enabled DEBUGP at the top of ip_nat_core.c): icmp reply translation, ct=c3617480, hooknum=0, ctinfo=4 icmp_reply_translation: translating error c396f260 hook 0 dir REPLY, num_manips=2 icmp_rep...

Hello, I''m stuck IPSECing my wireless network at home and would appreciate any comments. I appologize in advance if I''m wasting your time with trivia - I''m not a professional and staring at the problem for days from various angles hasn''t done me any good ... My home server/firewall (morannon) is hooked up through an USB to ethernet adapter (eth1) to my DSL

...be the following: if the DF flag is set in the fragments of a packet, the maximum length fragment determines the fate of the whole packet during routing. A possible solution could be to save the maximum length of fragments in PRE_ROUTING. Then we can use this maximum length to re-fragment on POST_ROUTING (possibly producing more or less fragments than received) and we can set the DF flag on fragments. In this way NAT can shrink or enlarge packets without causing any problem. (yes, I know... my English is terrible... ;) ) ------- You are receiving this mail because: ------- You are on the...

Poking around in the bridge latency issue I have, I discovered this netfilter patch. http://patchwork.netfilter.org/netfilter-devel/patch.pl?id=2751 In my case I was getting a slew of ip_local_deliver: bad skb: PRE_ROUTING LOCAL_IN LOCAL_OUT POST_ROUTING entries. I didn''t see this on the list so I posted for reference. Regards, Ted _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel

...--- This is a really hard issue. The problem is that we _need_ to defragment at NF_IP_PRE_ROUTING in order to have the be able to do connection tracking. So at this point we would need to save the sizes of all individual fragments. This would enable us to re-fragment to exactly the same size at POST_ROUTING. Another obvious approach was to check for IP_DF and see if it is bigger than the MTU of the outgoing interface. The problem is: before we do conntrack at NF_IP_PRE_ROUTING we don't know what potential NAT bindings apply to this connection/packet - and thus don't know the outgoing interf...

Hi all Its been long time i have sending this message to this news group but i could not get proper responce from the authors or any experts that, is that bug or only the problem with my ssytem iam tryin this config with FC iptable 1.3.0 and latest TC tc utility, iproute2-ss050330 htb 3.17 iam trying past 2 weeks and digging all googles but could not able to come to conclusion whats wrong

Hi, Please suppose following config: Two external interfaces for two different providers On each of them configured NAT for specific IP addr. ie. 4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc htb qlen 100 inet 1.1.1.30/30 brd 1.1.1.31 scope global eth2 6: eth4: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc htb qlen 100 inet 2.2.2.66/27 brd 2.2.2.95 scope global eth4 On eth2

I''m rate limiting and prioritizing traffic upstream of a slow wan link using htb, classic wonder shaper type stuff. I''m using the following command for traffic that does not match any of my defined filters: tc qdisc add dev eth0 root handle 1: htb default 50 It appears that local, non-routable traffic like arps and igmp are being snared by this and end-up queued in the lowest

Hi, I have 2 servers which are connected to a gateway machine. The gateway and one server are running Linux 2.6.16.2, while the third machine is running 2.6.16.5. The two ethernet ports on the gateway which are connected to the servers are combined into a single ethernet bridge device. Ever since 2.6.16, I have noticed that I can no longer cross-mount the two servers' /home directories via

I have to match my packets based on MAC address, which I cannot do in the POSTROUTING chain, so I do it in PREROUTING using MARK. Then, I match on the MARK in the POSTROUTING chain to do a CLASSIFY. But this does not seem to work: wireless-r1 bwlimit # iptables -L -v -n -t mangle Chain PREROUTING (policy ACCEPT 3353K packets, 941M bytes) pkts bytes target prot opt in out source