
Bug 77243

Summary: netfilter NAT/masquerade/SNAT with 2.6 IPSEC broken
Product: Gentoo Linux
Reporter: Andrew Beekhof <beekhof>
Component: [OLD] Core system
Assignee: Gentoo Kernel Bug Wranglers and Kernel Maintainers <kernel>
Status: RESOLVED TEST-REQUEST    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: x86   
OS: Linux   
URL: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=143374
Whiteboard:
Package list:
Runtime testing required: ---

Description Andrew Beekhof 2005-01-09 09:05:43 UTC
A known problem exists with netfilter NAT/masquerade/SNAT with 2.6 IPSEC.  The supplied URL contains further details and a link to a patch which addresses it.

Seen on Gentoo with gentoo-dev-sources: 2.6.9-gentoo-r13

Reproducible: Always
Comment 1 Daniel Drake (RETIRED) gentoo-dev 2005-01-09 10:04:29 UTC
Have you tried with 2.6.10?
Comment 2 Andrew Beekhof 2005-01-09 12:19:22 UTC
No, I just took the latest stable one from portage.  Is it likely to be fixed in there?
Comment 3 Daniel Drake (RETIRED) gentoo-dev 2005-01-09 12:31:51 UTC
Can't say without someone trying it. Also, 2.6.10 is stable now.
Comment 4 Andrew Beekhof 2005-01-10 05:52:50 UTC
There is an updated patch for 2.6.10 here: http://lists.netfilter.org/pipermail/netfilter-devel/attachments/20050104/db17e25f/ipsec-nat-2.6.10-0001.obj (Corresponding post: http://lists.netfilter.org/pipermail/netfilter-devel/2005-January/017961.html)

Thus it does not appear to have been included in mainline yet.  

The patch above applied cleanly against gentoo-dev-sources (2.6.10-gentoo-r4), which indicates that the patch also isn't part of the gentoo patch set.

My conclusion... the issue is unlikely to be solved by using 2.6.10-r4.  I can try actually running it if someone really wants though.
 
Comment 5 Daniel Drake (RETIRED) gentoo-dev 2005-01-10 09:47:39 UTC
Yes, please do. It may have been fixed in some other place.
Comment 6 Andrew Beekhof 2005-01-11 06:58:58 UTC
Hard to say if it's fixed in 2.6.10 or not - I couldn't make it work with or without the patch so I can't 100% rule out a configuration problem :(
Comment 7 Daniel Drake (RETIRED) gentoo-dev 2005-01-28 03:41:42 UTC
Any progress on this? It would also be useful to try 2.6.11_rc2
Comment 8 Andrew Beekhof 2005-01-31 08:58:16 UTC
Haven't had a chance to make progress (reverted to a 2.4 kernel instead).  Will try the kernel suggested and let you know the result.
Comment 9 Daniel Drake (RETIRED) gentoo-dev 2005-03-16 06:11:12 UTC
If this is still a problem with the latest 2.6 kernels then please reopen.
Comment 10 Andrew Beekhof 2005-03-16 12:27:32 UTC
Apologies for the delay...

Apparently Patrick McHardy is sponsoring the required patches for inclusion in mainline post 2.6.11 - so unless it's made it into the gentoo-dev patch set, it's unlikely to be fixed.