Shorewall users - Aug 2005 - pb migrating to kernel 2.6.11

Hi,
After migrating from kernel 2.4 to 2.6.11 I have following problem :
kernel says


Aug 12 11:49:19 serveur2 kernel: NAT: no longer support implicit source
local NAT
Aug 12 11:49:19 serveur2 kernel: NAT: packet src 192.168.1.238 -> dst
192.168.1.238

What does it mean ?

Is there a work around ?

Best regards
Steph




-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing
& QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf

S. ancelot wrote:
> Hi,
> After migrating from kernel 2.4 to 2.6.11 I have following problem :
> kernel says
>
>
> Aug 12 11:49:19 serveur2 kernel: NAT: no longer support implicit source
> local NAT
> Aug 12 11:49:19 serveur2 kernel: NAT: packet src 192.168.1.238 -> dst
> 192.168.1.238
>
> What does it mean ?
It means that you have a DNAT rule with $FW as the SOURCE and that the
packet is being redirected out of an interface different from the one that
hosts the packet''s source IP address. Prior to 2.6.11, the kernel would
automatically change the source IP address (SNAT). It no longer does that.
>
> Is there a work around ?
>
It''s possible that you don''t even need one since after NAT,
the packet
source and destination are the same (and hence the packet will remain local
to the firewall system). The message will only appear the first time that
the DNAT rule is hit.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key