All of lore.kernel.org
 help / color / mirror / Atom feed
From: Patrick McHardy <kaber@trash.net>
To: Ingo Oeser <netdev@axxeo.de>
Cc: netdev@vger.kernel.org
Subject: Re: Funny Routing change since 2.6.16.x
Date: Wed, 07 Feb 2007 18:07:03 +0100	[thread overview]
Message-ID: <45CA0737.40308@trash.net> (raw)
In-Reply-To: <200702071756.34409.netdev@axxeo.de>

Ingo Oeser wrote:
> Dear network gurus,
> 
> I used to change the source address on an PPPoE connection by using
> these commands:
> 
> /sbin/ifconfig ppp0:1 $SRCADDR
> /sbin/ip route add default dev ppp0 src $SRCADDR
> 
> where SRCADDR is an address in a different network
> than the local and peer address for ppp0.
> 
> That works fine until Linux 2.6.13.1.
> 
> When I use Kernel 2.6.16.32, 2.6.19.2 or 2.6.19.3
> this stops working.
> 
> Funnily it WORKS, when the machine just has to answer.
> It DOESN'T work, when the machine initiates an connection.
> 
> I verified that on the receiving side of a ping with tcpdump.
> 
> I also verified that "ip route get $OTHER_HOST" would use the route 
> with src address  set to "SRCADDR" from above.
> 
> I tried using a default route like "ip route add default via $GATEWAY src $SRCADDR",
> but that doesn't work either.
> 
> I attached the config for the old working kernel and the 2.6.19.3 config
> for reference.
> 
> We noticed no problems with ethernet alias interfaces.
> 
> The (production) machine is a PC doing SNAT, DNAT, MASQUERADE 
> and iptables based stateful inspection firewalling. Policy routing is 
> compiled in, but not used at all.
> 
> If you need the iptables rules anyway, just tell me.

My guess is that you're using MASQUERADE on ppp0, which since 2.6.14
doesn't exclude locally generated packets anymore, so it translates
them to the primary ppp0 address. For replies it works because NAT
is already set up for the incoming packet, without masquerading.

  reply	other threads:[~2007-02-07 17:07 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-02-07 16:56 Funny Routing change since 2.6.16.x Ingo Oeser
2007-02-07 17:07 ` Patrick McHardy [this message]
2007-02-07 17:16   ` Ingo Oeser
2007-02-07 17:18     ` Patrick McHardy
2007-02-08 15:52       ` Ingo Oeser
2007-02-08 16:32         ` Patrick McHardy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=45CA0737.40308@trash.net \
    --to=kaber@trash.net \
    --cc=netdev@axxeo.de \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.