[Nix-dev] kernel 3.6 NAT issues

Mathijs Kwik mathijs at bluescreen303.nl
Wed Oct 10 19:21:30 CEST 2012


Hi all,

I'm trying out kernel 3.6 at the moment and all is well except for one thing.
NAT / masquerading no longer seems to work.

Has anyone seen an announcement of netfilter changes in this regard?
I didn't.

I have a qemu/kvm windows instance on my tap1 interface.
The host is connected through wlan0 itself and as wireless devices
cannot join a bridge, I've been using simple masquerading for some
time.
Just a simple "-A POSTROUTING -s 10.4.2.0/24 -o wlan0 -j MASQUERADE"
in the nat table, combined with turning on ip-forwarding.
With kernel 3.6, forwarding seems on, and iptables-save gives me the
same output as on kernel 3.5.

Sniffing with tcpdump, I notice the following when I try to ping an
external host:
- incoming ping from 10.4.2.2 to X on tap1
- outgoing ping from 192.168.178.42 to X on wlan0
- incoming pong from X to 192.168.178.42 on wlan0
- nothing

So it appears the masquerading itself works, but the kernel is not
able to map the reply back to the sender.
As stated, same modules as on 3.5, so connection tracking, nat,
masquerading are all enabled.

Any suggestions on how to debug this further?

Thanks
Mathijs
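As an added example (not part of the post above), the following script checks a tcpdump-style trace for the four stages a masqueraded ICMP echo must pass through and reports the first stage that is missing; it assumes the interface names and host address from the post, a constructed line format of "iface In|Out IP src > dst: ICMP echo request|reply, id N, seq M", and a placeholder external host 203.0.113.10 standing in for "X".

```python
import re

# Constructed trace modelled on the symptom in the post: the reply reaches
# wlan0 but is never translated back and forwarded out on tap1.
BROKEN_TRACE = """\
tap1 In IP 10.4.2.2 > 203.0.113.10: ICMP echo request, id 1, seq 1
wlan0 Out IP 192.168.178.42 > 203.0.113.10: ICMP echo request, id 1, seq 1
wlan0 In IP 203.0.113.10 > 192.168.178.42: ICMP echo reply, id 1, seq 1
"""

# Constructed trace of a working masquerade, for comparison.
HEALTHY_TRACE = BROKEN_TRACE + \
    "tap1 Out IP 203.0.113.10 > 10.4.2.2: ICMP echo reply, id 1, seq 1\n"

LINE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<dir>In|Out)\s+IP\s+(?P<src>[\d.]+)\s+>\s+(?P<dst>[\d.]+):"
    r"\s+ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)$")

# Order in which a masqueraded echo/reply pair should appear in the capture.
STAGES = ("request_in", "request_out", "reply_in", "reply_out")

def parse_trace(text):
    """Return a list of packet dicts for lines matching the constructed format."""
    pkts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["id"], d["seq"] = int(d["id"]), int(d["seq"])
            pkts.append(d)
    return pkts

def check_masquerade(text, lan_if, wan_if, host_ip):
    """Map (icmp id, seq) -> 'ok' or the first missing stage.

    A missing 'reply_out' while 'reply_in' is present means the reply arrived
    on the WAN side but conntrack did not map it back to the LAN sender."""
    seen, orig_src = {}, {}
    for p in parse_trace(text):
        key = (p["id"], p["seq"])
        stages = seen.setdefault(key, set())
        req, rep = p["kind"] == "request", p["kind"] == "reply"
        if req and p["iface"] == lan_if and p["dir"] == "In":
            stages.add("request_in"); orig_src[key] = p["src"]
        elif req and p["iface"] == wan_if and p["dir"] == "Out" and p["src"] == host_ip:
            stages.add("request_out")
        elif rep and p["iface"] == wan_if and p["dir"] == "In" and p["dst"] == host_ip:
            stages.add("reply_in")
        elif rep and p["iface"] == lan_if and p["dir"] == "Out" and p["dst"] == orig_src.get(key):
            stages.add("reply_out")
    return {k: next((s for s in STAGES if s not in v), "ok") for k, v in seen.items()}
```

Run against the post's own situation, the broken trace reports `reply_out` as the first missing stage, which points at the reverse conntrack lookup rather than at the MASQUERADE rule itself.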

