Bug 126611 - "Fast NAT" routing but not NAT'ing
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel
All Linux
Priority: medium, Severity: medium
Assigned To: Arjan van de Ven
Reported: 2004-06-23 15:05 EDT by Sean J. Vaughan
Modified: 2007-11-30 17:07 EST
Doc Type: Bug Fix
Last Closed: 2004-06-23 15:47:48 EDT
Description Sean J. Vaughan 2004-06-23 15:05:23 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.2; Linux) (KHTML, like Gecko)

Description of problem:
"Fast NAT" is broken in the Red Hat Enterprise Linux kernel 2.4.21-15.EL (and in all of the vanilla Linux 2.6.x kernels).  Fast NAT is enabled by the CONFIG_IP_ROUTE_NAT kernel option.

Specifically, when Fast NAT rules are defined in the routing table (via the appropriate `ip` commands) packets are routed following the rules but the destination IP address is not changed (nat'ed) appropriately.

The cause seems to be that net/ipv4/ip_forward.c:ip_forward() and net/ipv4/ip_output.c:ip_output() functions no longer call the net/ipv4/ip_nat_dumb.c:ip_do_nat() function.  In the "vanilla" 2.4.21 Linux kernel (and other 2.4 kernels), ip_do_nat() is called appropriately from these functions.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.  Set up two Linux boxes normally on the same layer 2 network.  I'm assuming the interfaces on both boxes are eth0.
2.  On the "Fast NAT" box (FNb), do the following as root:
  i. echo 1 > /proc/sys/net/ipv4/ip_forward
  ii. /sbin/ip addr add dev eth0
  iii. /sbin/ip route add nat via
  iv. /sbin/ip route flush cache
  v. run /usr/sbin/tcpdump -i eth0 net
3.  On the second box (sb), do the following as root:
  i. /sbin/ip addr add dev eth0
  ii. /sbin/ip route add via
  iii. ping
  iv. In a separate terminal, run /usr/sbin/tcpdump -i eth0 dst

Actual Results:  The FNb tcpdump shows that it is receiving the ping echo requests destined for  The sb tcpdump shows two entries for each ping echo request; once for when the packet was sent out and once for when it was received after being routed (but not nat'ed) via FNb.

Expected Results:  For each ping echo request sent, the sb tcpdump should show ping echo requests with as the dst address (in addition to the packets that it sends out).

Additional info:
Comment 1 David Miller 2004-06-23 15:47:48 EDT
FAST NAT is not a supported feature in RHEL3; it had to
be removed in order to integrate IPSEC support.
Comment 2 Sean J. Vaughan 2004-06-23 16:38:50 EDT
It seems incomplete that the CONFIG_IP_ROUTE_NAT option is still 
available (and used in route.c and friends) and that the (unused) 
ip_nat_dumb.c code is still distributed with kernels.  Is it the case 
that this option and code will eventually be taken out or will Fast 
NAT be put back in the kernel? 
