Re: Upstream bug 39132 - Starting with 3.0.0-rc6, masquerading seems to be broken.

2011-08-22 Thread David Miller
From: Ben Hutchings
Date: Mon, 22 Aug 2011 22:44:14 +0100

> On Mon, Aug 22, 2011 at 01:27:24PM -0700, David Miller wrote:
>> From: Ben Hutchings
>> Date: Mon, 22 Aug 2011 16:08:00 +0100
>>
>> > David, I think we need this in 3.0-stable:
>>
>> The change is already in -stable as it went into 3.

Re: Upstream bug 39132 - Starting with 3.0.0-rc6, masquerading seems to be broken.

2011-08-22 Thread Ben Hutchings
On Mon, Aug 22, 2011 at 01:27:24PM -0700, David Miller wrote:
> From: Ben Hutchings
> Date: Mon, 22 Aug 2011 16:08:00 +0100
>
> > David, I think we need this in 3.0-stable:
>
> The change is already in -stable as it went into 3.0-final.
>
> If anything this might suggest that the fix in questio

Re: Upstream bug 39132 - Starting with 3.0.0-rc6, masquerading seems to be broken.

2011-08-22 Thread David Miller
From: Ben Hutchings
Date: Mon, 22 Aug 2011 16:08:00 +0100

> David, I think we need this in 3.0-stable:

The change is already in -stable as it went into 3.0-final.

If anything this might suggest that the fix in question is the cause of this bug, since the commit went in right after 3.0-rc4 Try

Re: Upstream bug 39132 - Starting with 3.0.0-rc6, masquerading seems to be broken.

2011-08-22 Thread Ben Hutchings
David, I think we need this in 3.0-stable:

commit 797fd3913abf2f7036003ab8d3d019cbea41affd
Author: Julian Anastasov
Date: Sun Aug 7 09:11:00 2011 +

netfilter: TCP and raw fix for ip_route_me_harder

(Discussed in and

Re: Upstream bug 39132 - Starting with 3.0.0-rc6, masquerading seems to be broken.

2011-08-22 Thread Troy Davis
>> -A POSTROUTING -s 192.168.0.64/26 -o eth1 -m multiport -p udp --dport 53,123
>> -j MASQUERADE
>> -A POSTROUTING -s 192.168.0.64/26 -o eth1 -m multiport -p tcp --dport
>> 22,80,119,443 -j MASQUERADE
> This config allows packets with private addresses to escape to eth1. Fix it.

Granted. Howev

Re: Upstream bug 39132 - Starting with 3.0.0-rc6, masquerading seems to be broken.

2011-08-22 Thread Bastian Blank
On Sun, Aug 21, 2011 at 06:42:13PM -0500, Troy Davis wrote:
> -A POSTROUTING -s 192.168.0.64/26 -o eth1 -m multiport -p udp --dport
> 53,123 -j MASQUERADE
> -A POSTROUTING -s 192.168.0.64/26 -o eth1 -m multiport -p tcp --dport
> 22,80,119,443 -j MASQUERADE

This config allows packets with private a

Upstream bug 39132 - Starting with 3.0.0-rc6, masquerading seems to be broken.

2011-08-21 Thread Troy Davis
There is a bug in NAT masquerading that is recognized upstream: https://bugzilla.kernel.org/show_bug.cgi?id=39132 I am able to repeat the above problem in the 3.0 kernel included in Debian testing (linux-image-3.0.0-1-686-pae, 3.0.0-1). I have reverted to linux-image-2.6.39-2-686-pae (2.6.39-3)