Broken masquerade when using policy routing

From: Michael Renner
Date: Tue Dec 23 2003 - 06:23:24 EST

Hi Rusty, David!

It seems as if some changes from August [1] have broken masquerade when
using "advanced routing" features to route the packets.

I have two WAN devices on my Linux router at home, one ISDN (ippp0) and
one ADSL (ppp0) link. I want to route (bulk) traffic from specific IPs
over the ISDN link and I did that with policy routing (at least I think
that's what it's called).

Here is my current setup:


HITB:~# ip rule list
0: from all lookup local
32763: from lookup 42
32764: from iif eth1 lookup 42
32765: from iif eth1 lookup 42
32766: from all lookup main
32767: from all lookup default
HITB:~# ip route show table 42
default via dev ippp0
HITB:~# ip route list | grep default
default via dev ppp0
HITB:~# iptables -t nat -L -v -n | grep -A4 POSTROUTING
Chain POSTROUTING (policy ACCEPT 69494 packets, 4741K bytes)
pkts bytes target prot opt in out source destination
49609 2243K MASQUERADE all -- * ppp0
18466 1132K MASQUERADE all -- * ippp0



This did work fine with up to 2.4.22-pre3 but when updating to 2.4.23 the
packets which should get sent over the ippp0 device seem to get dropped by
the masquerading module. I got lots of these messages:

Dec 15 00:20:57 HITB kernel: MASQUERADE: Route sent us somewhere else.
Dec 15 00:21:01 HITB kernel: MASQUERADE: Route sent us somewhere else.
Dec 15 00:21:07 HITB kernel: MASQUERADE: Route sent us somewhere else.

which apparently come from the changes [2] done to ipt_MASQUERADE.c.

Now my question: Is this intended behaviour? If so, how should I change
my setup so that it works again with masquerading?


Best regards and thanks in advance,
Michael Renner
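
Added example, not part of the original message and not kernel code: a small model of the rule table shown above, illustrating how a route lookup that carries the packet's source and input interface can pick table 42 (ippp0) while a lookup without them falls through to main (ppp0). Assumptions: the source addresses are constructed placeholders (they are elided in the post), and the idea that the check behind the log message re-does the lookup without source or input interface is a hypothesis the post does not confirm.

```python
import ipaddress

# Rules modelled on the `ip rule list` output in the post. The source
# addresses are elided there, so these are constructed placeholders.
RULES = [
    (32763, "192.0.2.10/32", None, "42"),
    (32764, "192.0.2.20/32", "eth1", "42"),
    (32765, "192.0.2.30/32", "eth1", "42"),
    (32766, None, None, "main"),
]
# One default route per table, as shown in the post.
DEFAULT_DEV = {"42": "ippp0", "main": "ppp0"}


def route_dev(src=None, iif=None):
    """Walk the rules in priority order; return the first matching table's device."""
    for _prio, rule_src, rule_iif, table in RULES:
        if rule_src is not None:
            if src is None:
                continue  # a lookup without a source cannot match a "from" rule
            if ipaddress.ip_address(src) not in ipaddress.ip_network(rule_src):
                continue
        if rule_iif is not None and rule_iif != iif:
            continue
        return DEFAULT_DEV[table]
    return None


def masquerade_check(src, iif):
    """Compare the forwarding decision with a re-lookup that has no source or
    input interface (ASSUMED model of the check behind the log message)."""
    out = route_dev(src=src, iif=iif)
    relookup = route_dev()
    verdict = "MASQUERADE" if relookup == out else "DROP: Route sent us somewhere else."
    return out, relookup, verdict


if __name__ == "__main__":
    for src in ("192.0.2.10", "192.0.2.20", "192.0.2.99"):
        print(src, masquerade_check(src, "eth1"))
```

On a live router the same comparison can be made by hand with `ip route get <dst> from <src> iif eth1` against `ip route get <dst>`.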
