Masquerading has been reported broken by zerocopy. This is must-fix...
As per request more info

-- SNIP --

This is going to hurt a lot of cablemodem users if we ship a combination with that bug

Forwarded message:
> From rusty.au Mon Mar 5 00:43:20 2001
> From: Rusty Russell <rusty.au>
> To: wroberts1
> Cc: alan
> Subject: Re: 2.4.2 and iptables_nat forwarding aint so hot
> In-reply-to: Your message of "Sat, 03 Mar 2001 15:52:52 -0800."
>              <20010303155252.A1897.occa.home.com>
> Date: Mon, 05 Mar 2001 16:42:14 +1100
> Sender: rusty.au
> Message-Id: <E14Znl9-0007ox-00@halfway>
>
> In message <20010303155252.A1897.occa.home.com> you write:
> > Today I tried upgrading to 2.4.2ac10 and use instructions on section
> > 4.1 of nat-howto:
> >
> > modprobe iptable_nat
> > iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> >
> > I try to ping thru the thing, and I only get one reply.
> > After trying that a few times, 2.4.2ac10 locked hard.
>
> Yeah, zero copy went in. I'm not all that surprised.
>
> Rusty.
Using kernel 2.4.2-0.1.19 and following Rusty's instructions to Arjan above, I was able to ping from the "NATee" through the "NATor" to locations both within and without Meridian. I also FTP'ed to metalab. I could find no anomalies, no lockups or oopses.

Network Diagram

NATee          NATor
192.168.0.1    192.168.0.20    207.175.44.115    Outside world
Probably, you aren't using a zerocopy-capable ethernet card in your testing. For 100-baseT ethernet this currently means a 3c59x card. We think this is necessary to reproduce at this point.
No one else can replicate this bug, after extremely exhaustive testing.