Re: Fw: masquerading failure for at least icmp and tcp+sack on amd64

2005-09-09 Thread Patrick McHardy
Marc Lehmann wrote: > It's also a 64-bit-only problem. To verify, I tried this: > > ethtool -K eth1 rx off tx off sg off > > Where eth1 is the interface where pppoe runs over. > > ethtool -k eth1 then displayed: > >rx-checksumming: off >tx-checksumming: off >scatter-gather: off >

Re: Fw: masquerading failure for at least icmp and tcp+sack on amd64

2005-09-07 Thread Patrick McHardy
Marc Lehmann wrote: > On Wed, Sep 07, 2005 at 11:42:01PM +0200, Patrick McHardy <[EMAIL PROTECTED]> > wrote: > >>just to give some hints, does this patch make the problem go away? > > I guess now that hw checksumming is identified as the direct cause, this is > no longer neecssary? If yes, just

Re: Fw: masquerading failure for at least icmp and tcp+sack on amd64

2005-09-07 Thread Marc Lehmann
On Wed, Sep 07, 2005 at 11:42:01PM +0200, Patrick McHardy <[EMAIL PROTECTED]> wrote: > > Some more messages I get when logging is enabled: > > > > printk: 1286 messages suppressed. > > ip_ct_tcp: invalid state IN= OUT= SRC=84.56.231.206 DST=xxx.xxx.xxx.xxx > > LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID

Re: Fw: masquerading failure for at least icmp and tcp+sack on amd64

2005-09-07 Thread Marc Lehmann
On Wed, Sep 07, 2005 at 11:34:10PM +0200, Patrick McHardy <[EMAIL PROTECTED]> wrote: > > I think I have the LOG target compiled into the kernel. After the echo, I > > got > > this within a matter of seconds: > > > >printk: 614 messages suppressed. > >ip_ct_tcp: bad TCP checksum IN= OUT=

Re: Fw: masquerading failure for at least icmp and tcp+sack on amd64

2005-09-07 Thread Patrick McHardy
Marc Lehmann wrote: > On Wed, Sep 07, 2005 at 02:39:20PM +0200, Patrick McHardy <[EMAIL PROTECTED]> > wrote: > >>Please try if loading the ipt_LOG module and executing >>"echo 255 > /proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid" >>gives more information > > Some more messages I get when

Re: Fw: masquerading failure for at least icmp and tcp+sack on amd64

2005-09-07 Thread Patrick McHardy
Marc Lehmann wrote: > I think I have the LOG target compiled into the kernel. After the echo, I got > this within a matter of seconds: > >printk: 614 messages suppressed. >ip_ct_tcp: bad TCP checksum IN= OUT= SRC= DST=84.56.231.206 > LEN=105 TOS=0x00 PREC=0x00 TTL=53 ID=33989

Re: Fw: masquerading failure for at least icmp and tcp+sack on amd64

2005-09-07 Thread Marc Lehmann
On Wed, Sep 07, 2005 at 02:39:20PM +0200, Patrick McHardy <[EMAIL PROTECTED]> wrote: > Please try if loading the ipt_LOG module and executing > "echo 255 > /proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid" > gives more information Some more messages I get when logging is enabled: printk: 12

Re: Fw: masquerading failure for at least icmp and tcp+sack on amd64

2005-09-07 Thread Marc Lehmann
On Wed, Sep 07, 2005 at 02:39:20PM +0200, Patrick McHardy <[EMAIL PROTECTED]> wrote: > Andrew Morton wrote: Thanks for your response! > > tcp 6 52 SYN_SENT src=10.0.0.1 dst=129.13.162.95 sport=44320 > > dport=80 [UNREPLIED] src=129.13.162.95 dst=84.56.237.68 sport=80 > > dport=44320

Re: Fw: masquerading failure for at least icmp and tcp+sack on amd64

2005-09-07 Thread Patrick McHardy
Andrew Morton wrote: I recently upgraded a 32 bit machine to a new amd64 board+cpu. I took the same kernel (2.6.13-rc7) and just recompiled it for 64 bit, plus upgraded userspace to 64 bit. Firewall config stayed the same. Problem: neither ping nor tcp was being masqueraded properly. I created

Fw: masquerading failure for at least icmp and tcp+sack on amd64

2005-09-07 Thread Andrew Morton
Begin forwarded message: Date: Tue, 6 Sep 2005 19:29:30 +0200 From: Marc Lehmann <[EMAIL PROTECTED]> To: linux-kernel@vger.kernel.org Subject: masquerading failure for at least icmp and tcp+sack on amd64 Hi! I recently upgraded a 32 bit machine to a new amd64 board+cpu. I took the same kernel