Bug 126611 - "Fast NAT" routing but not NAT'ing
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel
Version: 3.0
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Arjan van de Ven
Reported: 2004-06-23 19:05 UTC by Sean J. Vaughan
Modified: 2007-11-30 22:07 UTC (History)

Doc Type: Bug Fix
Last Closed: 2004-06-23 19:47:48 UTC
Description Sean J. Vaughan 2004-06-23 19:05:23 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.2; Linux) (KHTML, like Gecko)

Description of problem:
"Fast NAT" is broken in the Red Hat Enterprise Linux kernel 2.4.21-15.EL (and in all of the vanilla Linux 2.6.x kernels). Fast NAT is enabled by the CONFIG_IP_ROUTE_NAT kernel option.

Specifically, when Fast NAT rules are defined in the routing table (via the appropriate `ip` commands), packets are routed following the rules but the destination IP address is not changed (NAT'ed) appropriately.

The cause seems to be that the net/ipv4/ip_forward.c:ip_forward() and net/ipv4/ip_output.c:ip_output() functions no longer call the net/ipv4/ip_nat_dumb.c:ip_do_nat() function. In the "vanilla" 2.4.21 Linux kernel (and other 2.4 kernels), ip_do_nat() is called appropriately from these functions.


Version-Release number of selected component (if applicable):
kernel-2.4.21-15.EL

How reproducible:
Always

Steps to Reproduce:
1.  Set up two Linux boxes normally on the same layer 2 network.  I'm assuming the interfaces on both boxes are eth0.
2.  On the "Fast NAT" box (FNb), do the following as root:
  i. echo 1 > /proc/sys/net/ipv4/ip_forward
  ii. /sbin/ip addr add 10.10.10.1/24 dev eth0
  iii. /sbin/ip route add nat 10.10.10.3 via 10.10.10.2
  iv. /sbin/ip route flush cache
  v. run /usr/sbin/tcpdump -i eth0 net 10.10.10.0/24
3.  On the second box (sb), do the following as root:
  i. /sbin/ip addr add 10.10.10.2/24 dev eth0
  ii. /sbin/ip route add 10.10.10.3 via 10.10.10.1
  iii. ping 10.10.10.3
  iv. In a separate terminal, run /usr/sbin/tcpdump -i eth0 dst 10.10.10.3.

Actual Results:  The FNb tcpdump shows that it is receiving the ping echo requests destined for 10.10.10.3.  The sb tcpdump shows two entries for each ping echo request: once for when the packet was sent out and once for when it was received after being routed (but not NAT'ed) via FNb.

Expected Results:  For each ping echo request sent, the sb tcpdump should show ping echo requests with 10.10.10.2 as the dst address (in addition to the 10.10.10.3 packets that it sends out).

Additional info:
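
The actual and expected results above can be told apart mechanically from a capture on sb. The following is an added example, not part of the original report: it assumes `tcpdump -n` text output for ICMP and a capture on sb taken without the `dst 10.10.10.3` filter, so that translated packets are visible. The function name `classify_capture` and the sample capture lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify ICMP echo requests in a tcpdump text capture from sb.
# Assumes `tcpdump -n` lines of the form
#   TIME IP SRC > DST: ICMP echo request, id N, seq N, length N

# classify_capture ORIG_DST NAT_DST   (capture text on stdin)
# Prints one verdict:
#   natted             a request was seen again with the translated destination
#   routed-not-natted  a request came back twice with the original destination
#   not-forwarded      requests were sent but never came back
#   no-echo-requests   nothing to judge
classify_capture() {
    awk -v orig="$1" -v nat="$2" '
        /ICMP echo request/ {
            dst = ""; seq = ""
            for (i = 1; i < NF; i++) {
                if ($i == ">")   { dst = $(i + 1); sub(/:$/, "", dst) }
                if ($i == "seq") { seq = $(i + 1); sub(/,$/, "", seq) }
            }
            if (seq == "") next
            seen[seq] = 1
            if (dst == orig) o[seq]++
            else if (dst == nat) n[seq]++
        }
        END {
            for (s in seen) {
                if (n[s] > 0) t++          # translated copy observed
                else if (o[s] >= 2) r++    # duplicate with untranslated dst
                else u++                   # sent once, never seen again
            }
            if (r > 0) print "routed-not-natted"
            else if (t > 0) print "natted"
            else if (u > 0) print "not-forwarded"
            else print "no-echo-requests"
        }'
}

# Constructed sample captures (not taken from the bug report).
BROKEN_CAPTURE='19:05:01.000100 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 4242, seq 1, length 64
19:05:01.000420 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 4242, seq 1, length 64
19:05:02.000150 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 4242, seq 2, length 64
19:05:02.000480 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 4242, seq 2, length 64'
WORKING_CAPTURE='19:05:01.000100 IP 10.10.10.2 > 10.10.10.3: ICMP echo request, id 4242, seq 1, length 64
19:05:01.000420 IP 10.10.10.2 > 10.10.10.2: ICMP echo request, id 4242, seq 1, length 64'

printf '%s\n' "$BROKEN_CAPTURE"  | classify_capture 10.10.10.3 10.10.10.2
printf '%s\n' "$WORKING_CAPTURE" | classify_capture 10.10.10.3 10.10.10.2
```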

Comment 1 David Miller 2004-06-23 19:47:48 UTC
FAST NAT is not a supported feature in RHEL3; it had to
be removed in order to integrate IPSEC support.


Comment 2 Sean J. Vaughan 2004-06-23 20:38:50 UTC
It seems incomplete that the CONFIG_IP_ROUTE_NAT option is still 
available (and used in route.c and friends) and that the (unused) 
ip_nat_dumb.c code is still distributed with kernels.  Is it the case 
that this option and code will eventually be taken out or will Fast 
NAT be put back in the kernel? 
 

