Kernel 2.4.24 bug
From: Mihai Tanasescu
Date: Sat Feb 14 2004 - 23:23:24 EST
Hello,
I've recently discovered a bug in the conntrack system I think of the
linux 2.4.24 kernel:
I have the following setup:
eth0 Link encap:Ethernet HWaddr 00:40:F4:79:11:A3
inet addr:213.154.157.242 Bcast:213.154.157.243 \
eth0:0 Link encap:Ethernet HWaddr 00:40:F4:79:11:A3
inet addr:213.154.157.42 Bcast:213.154.157.47 \
eth0:1 Link encap:Ethernet HWaddr 00:40:F4:79:11:A3
inet addr:213.154.157.43 Bcast:213.154.157.47 \
eth0:2 Link encap:Ethernet HWaddr 00:40:F4:79:11:A3
inet addr:213.154.157.44 Bcast:213.154.157.47 \
eth0:3 Link encap:Ethernet HWaddr 00:40:F4:79:11:A3
inet addr:213.154.157.45 Bcast:213.154.157.47 \
and I have something like
SNAT 192.168.40.10,192.168.40.11 to 213.154.157.242
SNAT 192.168.40.12,192.168.40.13 to 213.154.157.42
and so on for every alias IP on my external interface eth0
with the 2.4.24 kernel NAT was only working for the first ip of the
network interface=213.154.157.242 in my case (for the other ones=the
aliases it reacted in the following way ....
for example an icmp ping from 192.168.40.13 to some site would get seen
with tcpdump exiting the server with the correct nated IP ...I would see
it come back on the external interface..but no packet would come out the
internal interface in order to reach the private ip that originally
sent the ping ..)
like: tcpdump -n -i eth1
icmp echo request 192.168.40.13 > 194.102.255.2
tcpdump -n -i eth0
icmp echo request 213.154.157.42 > 194.102.255.2
icmp echo reply 194.102.255.2 > 213.154.157.42
but I get NO reply like this going to the private/lan station
tcpdump -n -i eth1
icmp echo reply 194.102.255.2 > 192.168.40.13
(it seems the packet gets stuck in the router and doesn't reach the
local station that send the initial packet)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/