
Re: Upstream bug 39132 - Starting with 3.0.0-rc6, masquerading seems to be broken.



>> -A POSTROUTING -s 192.168.0.64/26 -o eth1 -m multiport -p udp --dport 53,123 -j MASQUERADE
>> -A POSTROUTING -s 192.168.0.64/26 -o eth1 -m multiport -p tcp --dport 22,80,119,443 -j MASQUERADE

> This config allows packets with private addresses to escape to eth1. Fix it.

Granted.  However, please note the rule immediately before the two you
quoted and the source address of the packets in the tcpdump output.

I did not do more fact-gathering because I had to get my immediate
problem solved right away.  Other hosts on the network had the same
problem described in the upstream thread.  Rebooting the 3.0 kernel
solved the problem temporarily, and reverting to 2.6.39 stopped it
completely.

Someone else in the upstream thread with the same problem has since
reported that it's fixed with the mentioned patches.  I'm new to
this--am I correct in assuming that that means the fix in the kernel
that ships with Debian will come from upstream eventually?

-- 
Troy

