[Bug 680] Packets disappear after NAT on 2nd gateway
bugzilla-daemon at bugzilla.netfilter.org
Sat Dec 17 20:16:38 CET 2011
http://bugzilla.netfilter.org/show_bug.cgi?id=680
--- Comment #9 from Richard Lucassen <rl-20100926 at xaq.nl> 2011-12-17 20:16:37 ---
(In reply to comment #8)
> I would again double-check that rp_filter is disabled. Changes were made in
> kernel version 2.6.31 regarding how rp_filter settings were calculated. That
> seems right around the time you started seeing the issue in your tests.
> Make sure you check default, all, and the specific interfaces under
> /proc/sys/net/ipv4/
> Set them all to 0 for testing.
>
> I had a very similar issue as you (although my setup was much simpler: 1 DNAT
> only, no CONNMARK) and some rp_filter changes fixed the problem for me.
<copy of a reply that seems to have disappeared>
Indeed, on a 2.6.32.46 kernel, this did the job:
echo "0" > /proc/sys/net/ipv4/conf/all/rp_filter
I'll test this issue ASAP on other machines. On some of these other
machines I have similar problems sending 80/tcp traffic into another
route table in order to be able to do some transparent proxying. These
packets disappear as well.
</copy of a reply that seems to have disappeared>
[follow up]
I tried another machine running kernel 2.6.38.8, having two internet
interfaces, one on eth5 (default gateway) and one on eth4. The trick with:
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
did not work, I needed to disable rp_filter on eth4 as well:
echo 0 > /proc/sys/net/ipv4/conf/eth4/rp_filter
Weird thing is that when I re-enable rp_filtering, things keep working for a
moment. This made me think of flushing the route cache and indeed:
ip route flush cache
made it stop again. Finally I found out that setting the interface to "relaxed
filtering" made things work, not *disabling* filtering:
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 2 > /proc/sys/net/ipv4/conf/eth4/rp_filter
Question remains why disabling rp_filter on eth4 does not work while setting
the device eth4 to "relaxed filtering" makes it work.
Anyone have thoughts on this?
R.
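
Added example, not part of the original bug comment: the kernel's ip-sysctl documentation states that source validation on an interface uses the maximum of conf/all/rp_filter and conf/<interface>/rp_filter, so with all=1 an interface set to 0 is still strict (1), while an interface set to 2 is loose. The function names and the optional CONF_DIR argument below are assumptions made for this sketch; it reports the value actually in force per interface.

```shell
#!/bin/sh
# Added example: report the effective rp_filter mode per interface.
# Per the kernel's ip-sysctl documentation, source validation on an
# interface uses max(conf/all/rp_filter, conf/<iface>/rp_filter).

# mode_name VALUE -> human-readable mode
mode_name() {
    case "$1" in
        0) echo "off" ;;
        1) echo "strict" ;;
        2) echo "loose" ;;
        *) echo "unknown" ;;
    esac
}

# effective_rp_filter IFACE [CONF_DIR]
# Prints the numeric mode the kernel applies to IFACE.
# CONF_DIR (hypothetical parameter) defaults to the live sysctl tree;
# passing it lets the function run against a copied or constructed tree.
effective_rp_filter() {
    iface=$1
    conf=${2:-/proc/sys/net/ipv4/conf}
    [ -r "$conf/all/rp_filter" ] && [ -r "$conf/$iface/rp_filter" ] || return 1
    all=$(cat "$conf/all/rp_filter")
    own=$(cat "$conf/$iface/rp_filter")
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# report_rp_filter [CONF_DIR]
# One line per interface: name, own value, "all" value, effective mode.
report_rp_filter() {
    conf=${1:-/proc/sys/net/ipv4/conf}
    for dir in "$conf"/*/; do
        iface=$(basename "$dir")
        # "all" and "default" are settings, not interfaces
        case "$iface" in all|default) continue ;; esac
        eff=$(effective_rp_filter "$iface" "$conf") || continue
        printf '%s own=%s all=%s effective=%s(%s)\n' "$iface" \
            "$(cat "$conf/$iface/rp_filter")" "$(cat "$conf/all/rp_filter")" \
            "$eff" "$(mode_name "$eff")"
    done
}
```

Source the file and call report_rp_filter with no argument to read the live /proc/sys/net/ipv4/conf tree.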