Bug 13079
| Summary: | bridge not working when MASQUERADE is active | | |
|---|---|---|---|
| Product: | Networking | Reporter: | Sergey (a_s_y) |
| Component: | Netfilter/Iptables | Assignee: | networking_netfilter-iptables (networking_netfilter-iptables) |
| Status: | CLOSED DOCUMENTED | | |
| Severity: | normal | CC: | alan, evg, kaber |
| Priority: | P1 | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Kernel Version: | 2.6.27 | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
Description
Sergey
2009-04-13 07:02:22 UTC
Some notes about workarounds. This resolves the problem for 192.168.1.0/24:

    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j ACCEPT
    iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j MASQUERADE

But this does not:

    iptables -t nat -A POSTROUTING -o eth0.22 -j ACCEPT
    iptables -t nat -A POSTROUTING -o eth6.22 -j ACCEPT
    iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j MASQUERADE

Is this a problem with 802.1q also? eth0.22 and eth6.22 are 802.1q interfaces.

And

    iptables -t nat -A POSTROUTING -o eth0.11 -s 192.168.0.0/16 -j MASQUERADE

can be used as a workaround too, if the outgoing NAT interface(s) can be specified.

I agree that this shouldn't be done by default; it has unfortunately been the default since the introduction of bridge netfilter and we can't change it now, at least not without a long warning period.

(In reply to comment #3) Leave the bug as a memo? Or close it?
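The three rule sets from this report, run through a small first-match evaluator (an added example, not code from the bug report or from netfilter). It assumes that a bridged packet is presented to `-o` matching with the bridge device as its outgoing interface; the name `br0` and the source address 192.168.1.10 are constructed, and the page does not confirm this as the reason the second rule set fails.

```python
import ipaddress
import shlex

OPTS = {"-s": "src", "-o": "out", "-j": "target"}

def parse_rule(line):
    """Extract the -s / -o / -j parts of one 'iptables -t nat -A POSTROUTING' line."""
    tok = shlex.split(line)
    rule = {"src": None, "out": None, "target": None}
    for i, t in enumerate(tok[:-1]):
        if t in OPTS:
            rule[OPTS[t]] = tok[i + 1]
    if rule["src"]:
        rule["src"] = ipaddress.ip_network(rule["src"])
    return rule

def verdict(rules, src_ip, out_if):
    """Target of the first rule whose matches all hold; first match ends traversal."""
    addr = ipaddress.ip_address(src_ip)
    for r in map(parse_rule, rules):
        if r["src"] is not None and addr not in r["src"]:
            continue
        if r["out"] is not None and r["out"] != out_if:  # exact name only, no '+' wildcard
            continue
        return r["target"]
    return "ACCEPT"  # chain policy: no rule matched, so no translation

# Rule sets copied from the report.
BY_SOURCE = [
    "iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j ACCEPT",
    "iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j MASQUERADE",
]
BY_VLAN_IF = [
    "iptables -t nat -A POSTROUTING -o eth0.22 -j ACCEPT",
    "iptables -t nat -A POSTROUTING -o eth6.22 -j ACCEPT",
    "iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -j MASQUERADE",
]
SCOPED_NAT = [
    "iptables -t nat -A POSTROUTING -o eth0.11 -s 192.168.0.0/16 -j MASQUERADE",
]

if __name__ == "__main__":
    # Constructed packet: bridged traffic from 192.168.1.10, seen leaving via br0 (assumption).
    for name, rules in [("by source", BY_SOURCE), ("by vlan if", BY_VLAN_IF), ("scoped nat", SCOPED_NAT)]:
        print(f"{name:11s} bridged -> {verdict(rules, '192.168.1.10', 'br0')}")
    print(f"scoped nat  routed  -> {verdict(SCOPED_NAT, '192.168.1.10', 'eth0.11')}")
```

Under that assumption, only the rule set keyed on the VLAN interface names lets bridged traffic fall through to MASQUERADE, which matches the behaviour reported above.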