Masquerading has been reported broken by zerocopy. This is
As per request more info
-- SNIP --
This is going to hurt a lot of cablemodem users if we ship a combination with
> From firstname.lastname@example.org Mon Mar 5 00:43:20 2001
> From: Rusty Russell <email@example.com>
> To: firstname.lastname@example.org
> Cc: email@example.com
> Subject: Re: 2.4.2 and iptables_nat forwarding aint so hot
> In-reply-to: Your message of "Sat, 03 Mar 2001 15:52:52 -0800."
> Date: Mon, 05 Mar 2001 16:42:14 +1100
> Sender: firstname.lastname@example.org
> Message-Id: <E14Znl9-0007ox-00@halfway>
> In message <20010303155252.A1897@cx983858-b.orng1.occa.home.com> you write:
> > Today I tried upgrading to 2.4.2ac10 and use instructions on section
> > 4.1 of nat-howto:
> > modprobe iptable_nat
> > iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> > I try to ping thru the thing, and I only get one reply.
> > After trying that a few times, 2.4.2ac10 locked hard.
> Yeah, zero copy went in. I'm not all that surprised.
Using kernel 2.4.2-0.1.19
and following Rusty's instructions to Arjan above.
I was able to ping from the "NATee" through the "NATor" to locations both within
and without Meridian. I also FTP'ed to metalab. I could find no anomalies, no
lockups or oopses.
192.168.0.1 192.168.0.20 22.214.171.124 Outside world
Probably, you aren't using a zerocopy-capable ethernet card in your
testing. For 100-baseT ethernet this currently means a 3c59x card.
We think this is necessary to reproduce at this point.
No one else can replicate this bug, after extremely exhaustive testing.