On Tuesday 17 December 2002 16:32, Dimitris Zilaskos wrote:
> I have tested 2.4.18-ac3 and 2.4.19 and all spit out the same message
> about forwarding. The behaviour seems to have changed since 2.4.14 with
> bridge-nf-0.0.3-against-2.4.13-ac7.diff, which is the setup I mentioned
> and last worked for me.

The (untested) patch/hack below should "fix" your problem.
However, it's just a hack and not _the_ solution.

What the bridge-nf code logic does for iptables DNAT'ed traffic is this:
Through a function call of the IP code it sees if there is a route available
for the new destination IP address for (IP) forwarded packets. If this fails,
it is still possible that there is a route for this destination address for
packets that originate from the bridge box itself. This is checked through a
second call to a function of the IP code. If there is a route for a locally
originated packet and not for a forwarded packet, the bridge-nf code assumes
that the reason why the first IP function call was unsuccessful is because
ip_forwarding is disabled. If this route would send the packet to another
device than the current bridge device, the packet is dropped and the message
"Performing cross-bridge DNAT requires IP forwarding to be enabled" is
written to the logs.

AFAIK the only reason why there is no route for a to be forwarded IP packet
while there is a route for the packet when it's locally originated, is when
ip_forwarding is disabled.

I guess there is another reason, can you enlighten me? Is there anything
special about your setup?

cheers,
Bart

--- linux-2.4.20/net/bridge/br_netfilter.c.old Tue Dec 17 20:00:22 2002
+++ linux-2.4.20/net/bridge/br_netfilter.c Tue Dec 17 20:26:03 2002
@@ -66,6 +66,7 @@
/* PF_BRIDGE/PRE_ROUTING *********************************************/
+/*
static void __br_dnat_complain(void)
{
static unsigned long last_complaint = 0;
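Review bot: The `/*` added in front of `static void __br_dnat_complain(void)` disables the function with a block comment, which is fragile: any `/* ... */` inside the commented region would end the comment early, and the dead code stays in the file. Since the only call shown is also commented out later in this patch, either delete the function or wrap it in `#if 0` / `#endif`.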
@@ -76,6 +77,7 @@
last_complaint = jiffies;
}
}
+*/
/* This requires some explaining. If DNAT has taken place,
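Review bot: The block comment that starts at `/* This requires some explaining. If DNAT has taken place,` right after the new `*/` is not touched by any hunk, while the patch changes what happens when the forwarding route lookup fails. Update that comment to say that such packets now continue at `normal_dnat` instead of being dropped, so the documentation matches the code.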
@@ -167,8 +169,11 @@
skb->dst = (struct dst_entry *)rt;
goto bridged_dnat;
}
+ /*
__br_dnat_complain();
+ */
dst_release((struct dst_entry *)rt);
+ goto normal_dnat;
}
kfree_skb(skb);
return 0;
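Review bot: After `dst_release((struct dst_entry *)rt);` the new `goto normal_dnat;` continues processing without attaching a route, whereas the branch just above sets `skb->dst = (struct dst_entry *)rt;` before it jumps to `bridged_dnat`. Confirm that the code after `normal_dnat` does not rely on `skb->dst`, or keep the reference and assign it before the jump. Commenting out `__br_dnat_complain();` also means a packet that previously reached `kfree_skb(skb);` with a log message is now accepted with no trace, so consider keeping a rate-limited message on this path.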
@@ -187,6 +192,7 @@
1);
return 0;
}
+normal_dnat:
memcpy(skb->mac.ethernet->h_dest, dev->dev_addr,
ETH_ALEN);
}
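Review bot: The `normal_dnat:` label is now entered both by falling through and by the new `goto` from the failed-route branch, and nothing at the label says so. Add a comment naming both paths, and state that the `memcpy` of `dev->dev_addr` into `h_dest` now also applies to packets for which the forwarding route lookup failed, a case the accompanying message says is not yet understood.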
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge