Hi List,

I have a curious problem with my NAT router. It is a Digital Alpha machine running kernel 2.4.18-rc4.

I get a problem with UDP packets incoming on ippp0 and outgoing on ppp0.

ippp0 is a dial-in to a colleague of mine; therefore we use the 192.168.4.0/24 network due to routing issues.
ppp0 is connected to the internet; outgoing traffic is masqueraded.
I do not DROP any packets.

Here are some logs I made:

    Mar 3 03:32:36 alpha kernel: UPD_PACKET_IN_IPPP IN=ippp0 OUT= MAC= SRC=192.168.4.77 DST=192.168.4.108 LEN=45 TOS=0x10 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1031 DPT=0 LEN=25
    Mar 3 03:32:44 alpha kernel: UDP_PACKET_FORWARDIN=ippp0 OUT=ppp0 SRC=192.168.4.77 DST=198.41.0.4 LEN=45 TOS=0x10 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=1031 DPT=0 LEN=25

I tracked the packets with ethereal, and got SPT=1031 and DPT=53 on all packets. So it seems that the packets are OK, but somehow netfilter does some crazy things here.

Here are the important rules:

    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -A FORWARD -i ippp0 -o ppp0 -p udp -j LOG --log-prefix "UDP_PACKET_FORWARD"
    iptables -A INPUT -i ippp0 -p udp -j LOG --log-prefix "UPD_PACKET_IN_IPPP "
    iptables -t nat -A POSTROUTING -o ppp0 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

With ethereal I discovered another strange thing. A packet incoming on ippp0 with SPT 1031, DPT 53 to a name server is forwarded correctly, and I get a response packet from the name server with SPT 53, DPT 1031. So far so good, but now the packet is not sent back to the ippp0 device; instead an ICMP packet TYPE 3 CODE 3 (destination port unreachable) is sent back to the name server.

I compiled all kernels from 2.4.0 until 2.4.18-rc4, but always got the same problem. Even compiling the sources of pppoe, the isdnutils and iptables does not change anything about this strange behaviour.

As a summary: netfilter displays the UDP packets as having DPT=0, but ethereal displays the correct port setting. As described, the packet flow is OK until it gets back to the router.

The UDP packet flow from eth0 to ppp0 is running fine, so I have the problem only on the ippp0 interface. On an i386 machine everything is running fine with the same configuration, so it is definitely a problem on the 64-bit architecture, I think.

Regards
Carsten

For the netfilter-devel users: I am sorry if you received this mail from the users mailing list too.
