Broken masquerade when using policy routing

From: Michael Renner
Date: Tue Dec 23 2003 - 06:23:24 EST


Hi Rusty, David!

It seems as if some changes from August [1] have broken masquerade when
using "advanced routing" features to route the packets.

I have two WAN devices on my Linux router at home, one ISDN (ippp0) and
one ADSL (ppp0) link. I want to route (bulk) traffic from specific IPs
over the ISDN link and I did that with policy routing (at least I think
that's what it's called).

Here is my current setup:

---

HITB:~# ip rule list
0: from all lookup local
32763: from 62.46.2.124 lookup 42
32764: from 192.168.0.21 iif eth1 lookup 42
32765: from 192.168.0.11 iif eth1 lookup 42
32766: from all lookup main
32767: from all lookup default
HITB:~# ip route show table 42
default via 195.3.94.58 dev ippp0
HITB:~# ip route list | grep default
default via 213.229.45.253 dev ppp0
HITB:~# iptables -t nat -L -v -n | grep -A4 POSTROUTING
Chain POSTROUTING (policy ACCEPT 69494 packets, 4741K bytes)
pkts bytes target prot opt in out source destination
49609 2243K MASQUERADE all -- * ppp0 192.168.0.0/24 0.0.0.0/0
18466 1132K MASQUERADE all -- * ippp0 192.168.0.0/24 0.0.0.0/0

HITB:~#

---

This did work fine with up to 2.4.22-pre3 but when updating to 2.4.23 the
packets which should get sent over the ippp0 device seem to get dropped by
the masquerading module. I got lots of these messages:

Dec 15 00:20:57 HITB kernel: MASQUERADE: Route sent us somewhere else.
Dec 15 00:21:01 HITB kernel: MASQUERADE: Route sent us somewhere else.
Dec 15 00:21:07 HITB kernel: MASQUERADE: Route sent us somewhere else.

which apparently come from the changes [2] made to ipt_MASQUERADE.c.

Now my question: Is this intended behaviour? If so, how should I change
my setup so that it works again with masquerading?

[1] http://marc.theaimsgroup.com/?l=linux-net&w=2&r=1&s=rusty%27s+brain+broke&q=b
[2] http://linux.bkbits.net:8080/linux-2.4/diffs/net/ipv4/netfilter/ipt_MASQUERADE.c@xxx?nav=index.html|src/.|src/net|src/net/ipv4|src/net/ipv4/netfilter|hist/net/ipv4/netfilter/ipt_MASQUERADE.c

best regards and thanks in advance,
Michael Renner
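An added example, not part of the original message and not kernel code: a small model of the rule set posted above, showing which sources would trip a device-consistency check. It assumes the MASQUERADE check re-resolves the route from the destination alone (no source address, no input interface) and drops the packet when that lookup names a different device; the function names and the host 192.168.0.50 are constructed for illustration.

```python
import re

# "ip rule list" output copied from the post above.
IP_RULES = """\
0: from all lookup local
32763: from 62.46.2.124 lookup 42
32764: from 192.168.0.21 iif eth1 lookup 42
32765: from 192.168.0.11 iif eth1 lookup 42
32766: from all lookup main
32767: from all lookup default
"""
# Default-route device per table, from "ip route show table 42" and "ip route list".
DEFAULT_DEV = {"42": "ippp0", "main": "ppp0"}
RULE_RE = re.compile(r"(\d+):\s+from (\S+)(?: iif (\S+))? lookup (\S+)")

def parse_rules(text):
    """Return [(priority, src_selector, iif_or_None, table)] in priority order."""
    return sorted((int(p), src, iif or None, table)
                  for p, src, iif, table in RULE_RE.findall(text))

def egress_dev(rules, src=None, iif=None):
    """Walk the rules in order; the first matching rule whose table holds a
    default route decides the device. src=None models a key with no source.
    Simplification: selectors are host addresses, matched exactly."""
    for _prio, sel_src, sel_iif, table in rules:
        if sel_src != "all" and sel_src != src:
            continue
        if sel_iif and sel_iif != iif:
            continue
        dev = DEFAULT_DEV.get(table)  # 'local'/'default' hold no default route here
        if dev:
            return dev
    return None

def masquerade_recheck(rules, src, iif):
    """Assumed check: forwarding decision vs. a destination-only re-lookup."""
    forwarded = egress_dev(rules, src=src, iif=iif)
    rechecked = egress_dev(rules)  # no source address, no input interface
    return forwarded, rechecked, forwarded == rechecked

if __name__ == "__main__":
    rules = parse_rules(IP_RULES)
    for src in ("192.168.0.21", "192.168.0.11", "192.168.0.50"):  # .50 is constructed
        fwd, chk, ok = masquerade_recheck(rules, src, "eth1")
        print(f"{src}: forwarded via {fwd}, re-lookup says {chk}:",
              "consistent" if ok else "mismatch (would be dropped)")
```

On the router itself, the same two lookups can be compared with `ip route get <dst> from 192.168.0.21 iif eth1` and `ip route get <dst>`, where `<dst>` is any external address.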