Broken masquerade when using policy routing
From: Michael Renner
Date: Tue Dec 23 2003 - 06:23:24 EST
Hi Rusty, David!
It seems as if some changes from August have broken masquerade when
using "advanced routing" features to route the packets.
I have two WAN-devices on my Linux router at home, one ISDN (ippp0) and
one ADSL (ppp0) link. I want to route (bulk) traffic from specific IPs
over the ISDN link and I did that with policy routing (at least I think
that's what it's called).
Here is my current setup:
HITB:~# ip rule list
0: from all lookup local
32763: from 184.108.40.206 lookup 42
32764: from 192.168.0.21 iif eth1 lookup 42
32765: from 192.168.0.11 iif eth1 lookup 42
32766: from all lookup main
32767: from all lookup default
HITB:~# ip route show table 42
default via 220.127.116.11 dev ippp0
HITB:~# ip route list | grep default
default via 18.104.22.168 dev ppp0
HITB:~# iptables -t nat -L -v -n | grep -A4 POSTROUTING
Chain POSTROUTING (policy ACCEPT 69494 packets, 4741K bytes)
pkts bytes target prot opt in out source destination
49609 2243K MASQUERADE all -- * ppp0 192.168.0.0/24 0.0.0.0/0
18466 1132K MASQUERADE all -- * ippp0 192.168.0.0/24 0.0.0.0/0
This did work fine with up to 2.4.22-pre3 but when updating to 2.4.23 the
packets which should get sent over the ippp0 device seem to get dropped by
the masquerading module. I got lots of these messages:
Dec 15 00:20:57 HITB kernel: MASQUERADE: Route sent us somewhere else.
Dec 15 00:21:01 HITB kernel: MASQUERADE: Route sent us somewhere else.
Dec 15 00:21:07 HITB kernel: MASQUERADE: Route sent us somewhere else.
which apparently come from the changes done to ipt_MASQUERADE.c
Now my question: Is this intended behaviour? If so, how should I change
my setup so that it works again with masquerading?
best regards and thanks in advance,