[pve-devel] pvefw: masquerade problems and conntrack zones

Dietmar Maurer dietmar at proxmox.com
Mon Mar 10 13:17:58 CET 2014


> >>Mar 10 11:25:34 lola kernel: [259254.043987] MASQTEST: IN= OUT=vmbr1 PHYSIN=tap116i0 PHYSOUT=pm1peer SRC=10.10.10.3 DST=8.8.8.8 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=5639 SEQ=1 MARK=0x1
> >>Mar 10 11:25:34 lola kernel: [259254.044020] MASQTEST: IN= OUT=pm0 SRC=10.10.10.3 DST=8.8.8.8 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=5639 SEQ=1
> >>
> >>So it seems that now the POSTROUTING chain gets called twice. The second
> >>call has the correct output interface.

BTW, I just noticed that conntrack --zone needs kernel 3.10 (does not work with 2.6.32)

