#19050: Packages masquerading don't work correctly
---------------------------------------+-----------------------------------
Reporter: big.smile@… | Owner: developers
Type: defect | Status: new
Priority: high | Milestone: Barrier Breaker 14.07
Component: kernel | Version: Barrier Breaker 14.07
Keywords: masquerade, NAT, Firewall |
---------------------------------------+-----------------------------------
I use OpenWrt 14.07 x86 on a PC Engines APU.
This router is used between my local network and the network of my
Internet provider.

Problem:
Some outgoing packets, only a few, are not masqueraded: they keep their
local source IP address (192.168.1.XXX) instead of getting my WAN IP
address. But they still get the MAC address of my WAN interface as the
source MAC address.

Consequence:
When this happens, the network of my Internet provider blocks my connection
because the source IP and source MAC address do not correspond.

If I look at IPTables, masquerade is enabled:
{{{
# iptables -L -t nat
…
Chain zone_wan_postrouting (1 references)
target prot opt source destination
postrouting_wan_rule all -- anywhere anywhere
/* user chain for postrouting */
MASQUERADE all -- anywhere anywhere
}}}
If I listen on the WAN connection with
"tcpdump ip -i 4 -ne -vv 'src host not XXX.XXX.XXX.XXX and ether src host aa:aa:aa:aa:aa:aa'",
I get this:
{{{
03:44:00.095703 aa:aa:aa:aa:aa:aa >ff:ff:ff:FF:FF:FF, ethertype IPv4
(0x0800), length 66: (tos 0x0, ttl 63, id 30929, offset 0, flags [DF],
proto TCP (6), length 52)
192.168.7.237.57912 > vvv.vvv.vvv.vvv.vvvv: Flags [R.], cksum 0x844f
(correct), seq 2600988415, ack 2178291637, win 1040, options [nop,nop,TS
val 6003192 ecr 844889508], length 0
03:44:00.120923 aa:aa:aa:aa:aa:aa > ff:ff:ff:FF:FF:FF, ethertype IPv4
(0x0800), length 66: (tos 0x0, ttl 63, id 6495, offset 0, flags [DF],
proto TCP (6), length 52)
192.168.7.237.61356 > zzz.zzz.zzz.zzz.zzzz: Flags [R.], cksum 0xccf8
(correct), seq 2701944257, ack 1628634018, win 1040, options [nop,nop,TS
val 6003218 ecr 299991797], length 0
}}}
(Addresses are voluntarily modified)
PS: Also tested with trunk x86_64 version, available here since
22-Feb-2015 01:23:
https://downloads.openwrt.org/snapshots/trunk/x86_64/generic/
I've got the same result.
--
Ticket URL: <https://dev.openwrt.org/ticket/19050>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
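
An added example (not part of the ticket or of OpenWrt's code): a Python check that reads `tcpdump -ne -vv` text shaped like the capture above and lists frames sent from the WAN MAC whose IP source is still an RFC 1918 address, with a tally of their TCP flags. The sample capture, MAC addresses and IPs are constructed, and `find_leaks` / `flags_summary` are hypothetical names.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 ranges: a source in one of these should never leave the WAN port.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

RECORD_START = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ ", re.M)  # packet timestamp
ETHER_SRC = re.compile(r"^\S+ ([0-9a-f:]{17}) >", re.I)       # source MAC (-e)
FLOW = re.compile(r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): "
                  r"Flags \[([^\]]+)\]")

# Constructed sample in the shape of `tcpdump -ne -vv` output (not real traffic).
SAMPLE = """\
03:44:00.010000 02:00:00:00:00:01 > 02:00:00:00:00:02, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 63, id 4101, offset 0, flags [DF], proto TCP (6), length 60)
    198.51.100.7.40112 > 203.0.113.10.443: Flags [S], cksum 0x1a2b (correct), seq 1000, win 29200, length 0
03:44:00.095703 02:00:00:00:00:01 > 02:00:00:00:00:02, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 63, id 30929, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.7.237.57912 > 203.0.113.10.443: Flags [R.], cksum 0x844f (correct), seq 2000, ack 3000, win 1040, length 0
03:44:00.120923 02:00:00:00:00:01 > 02:00:00:00:00:02, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 63, id 6495, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.7.237.61356 > 203.0.113.20.80: Flags [R.], cksum 0xccf8 (correct), seq 4000, ack 5000, win 1040, length 0
"""


def find_leaks(capture, wan_mac):
    """Return (src_ip, dst_ip, tcp_flags) for frames sent by wan_mac whose
    IP source is still an RFC 1918 address, i.e. was not masqueraded."""
    starts = [m.start() for m in RECORD_START.finditer(capture)]
    leaks = []
    for begin, end in zip(starts, starts[1:] + [len(capture)]):
        record = " ".join(capture[begin:end].split())  # undo line wrapping
        mac, flow = ETHER_SRC.match(record), FLOW.search(record)
        if not mac or not flow or mac.group(1).lower() != wan_mac.lower():
            continue
        src = ipaddress.ip_address(flow.group(1))
        if any(src in net for net in RFC1918):
            leaks.append((str(src), flow.group(3), flow.group(5)))
    return leaks


def flags_summary(leaks):
    """Count leaked frames per TCP flag string, e.g. 'R.' for RST+ACK."""
    return Counter(flags for _, _, flags in leaks)


if __name__ == "__main__":
    found = find_leaks(SAMPLE, "02:00:00:00:00:01")
    for src, dst, flags in found:
        print(f"unmasqueraded: {src} -> {dst} flags [{flags}]")
    print(dict(flags_summary(found)))
```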