On Mon, 21 May 2007 13:05:36 -0700 [EMAIL PROTECTED] wrote:
> http://bugzilla.kernel.org/show_bug.cgi?id=8519 > > Summary: NAT prerouting over tun interface broken > Kernel Version: 2.6.21.1 > Status: NEW > Severity: normal > Owner: [EMAIL PROTECTED] > Submitter: [EMAIL PROTECTED] > > > Most recent kernel where this bug did *NOT* occur: 2.6.20.7 > Distribution: Debian unstable > Hardware Environment: EM64T (Pentium D) running amd64 kernel > Software Environment: Debian unstable > > Problem Description: > I have the hercules s/390 emulator running on an EM64T host, both running > Debian unstable. I use a tun interface, a second IP address on eth0 and > iptables/nat so the emulator has it's own address on my local network. > > With 2.6.21.1 on the host, networking between the emulator and the host > system > is fine (I can ssh from the host into the emulator without problems), but > communication from the emulator with other boxes is broken. Other boxes also > don't see the emulator if I ping its external address. > > If I ping another box on my LAN from the emulator while running wireshark on > the host, I can see that: > - the echo request gets sent OK > - the other box replies OK > - the host receives the echo reply > - but the tun interface never gets it. > > If I boot the host with 2.6.20 everything works fine again. > > Here is how the setup looks: > |---------------- host system --------------------| > |-- emulator --| > eth0 tun ctc0 > LAN <---> 10.19.66.21 > LAN <---> 10.19.66.92 <---> 10.19.92.2 <---> 10.19.92.1 > nat P2P > > The only active iptables rules are: > iptables -t nat -A PREROUTING -d 10.19.66.92 \ > -j DNAT --to-destination 10.19.92.1 > iptables -t nat -A POSTROUTING -s 10.19.92.1 \ > -j SNAT --to-source 10.19.66.92 - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
