Re: IP Masquerading problems with 2.2.x

Juanjo Ciarlante (irriga@impsat1.com.ar)
Fri, 3 Sep 1999 20:37:14 -0300



On Wed, Sep 01, 1999 at 10:33:33PM +0200, Admin wrote:
> So I think it would be great to either add an option for flushing masquerading tables in ipchains or doing it on a down/up cycle in the kernel... If you could give me directions, I could do it myself...
> or would erasing the masquerading rules and setting them anew by /etc/ppp/ip-down do the trick?
Quite tricky (although doable) given the timers+locking involved in masq code.
Please try the attached PATCH with
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

(or echo "3" if you want debugging to syslog)
Regards

-- 
-- Juanjo       http://juanjox.kernelnotes.org/
            ... because there IS an OS that CAN follow your power 

Attachment: patch-ip_masq-dynaddr-udp

--- ip_masq.c.orig Wed Mar 17 02:52:05 1999 +++ ip_masq.c Fri Sep 3 20:31:00 1999 @@ -1130,11 +1130,16 @@ if (ms!=NULL) { /* - * If sysctl !=0 and no pkt has been received yet - * in this tunnel and routing iface address has changed... + * If sysctl !=0 + * AND + * no pkt has been received yet in this tunnel OR not TCP + * AND + * routing iface address has changed... * "You are welcome, diald". */ - if ( sysctl_ip_dynaddr && ms->flags & IP_MASQ_F_NO_REPLY && maddr != ms->maddr) { + if ( sysctl_ip_dynaddr && + (ms->flags & IP_MASQ_F_NO_REPLY||ms->protocol!=IPPROTO_TCP) && + maddr != ms->maddr) { if (sysctl_ip_dynaddr > 1) { IP_MASQ_INFO( "ip_fw_masquerade(): change masq.addr from %d.%d.%d.%d to %d.%d.%d.%d\n",
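
Review bot: the new test ms->protocol!=IPPROTO_TCP in the rewritten if matches every non-TCP protocol, not only UDP as the attachment name suggests, so with ip_dynaddr set any non-TCP entry whose maddr differs takes this branch even after replies have been seen on it. If only UDP is meant, test ms->protocol==IPPROTO_UDP; if all non-TCP protocols are meant, say so in the comment, whose AND/OR list currently does not show how the middle two conditions group. I would also write (ms->flags & IP_MASQ_F_NO_REPLY) with its own parentheses: the expression parses as intended because & binds tighter than ||, but the unbracketed mix is easy to misread and compilers tend to warn on it.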
