Ticket #4713 (closed defect: duplicate)
Bad default firewall POSTROUTING rule for NAT on interfaces with aliases
Reported by: piotrek.zurek@… | Owned by: jamor@…
When enabling the firewall module, all outgoing traffic is wrongly sourced.
My configuration is:
eth0 physical lan interface with IP 192.168.144.14 and no defined gateway
eth0:virt1 with external IP 184.108.40.206 with gateway 220.127.116.11
eth0:virt2 with external IP 18.104.22.168 with gateway 22.214.171.124
Everything (routing, static routing, balancing, multigateway) works all right until I turn on the firewall module, which puts this rule into the POSTROUTING table:
SNAT all -- * eth0 !192.168.144.14 0.0.0.0/0 to:192.168.144.14
which prevents me from getting any answer from my default routers on
126.96.36.199 and 188.8.131.52.
If I had a default gateway defined on the physical interface's subnet, I might not have spotted this until trying to ping through static routes.
When this rule is deleted, everything seems to work nicely.
I'm using Ubuntu 12.04 and, from the PPA for it, version 2.3.7 of the firewall module with the hotfix for #4705 (thanks for pointing me to it yesterday; the fix works OK).
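An added example, not part of the ticket or the project's code: a small audit check that takes the SNAT rule quoted above and the three addresses from the report, and lists which local addresses on the rule's outgoing interface match the negated source and would therefore have their traffic rewritten. The function names are hypothetical, and the rule is assumed to be in the column layout shown in the ticket.

```python
import ipaddress
import re

# Constructed input: the rule as quoted in the ticket
# (target prot opt in out source destination to:ADDR).
RULE = "SNAT all -- * eth0 !192.168.144.14 0.0.0.0/0 to:192.168.144.14"

# Addresses as given in the ticket: the primary address and two aliases of eth0.
LOCAL_ADDRS = {
    "eth0": "192.168.144.14",
    "eth0:virt1": "184.108.40.206",
    "eth0:virt2": "18.104.22.168",
}

SNAT_RE = re.compile(
    r"SNAT\s+\S+\s+\S+\s+\S+\s+(\S+)\s+(!?)(\S+)\s+\S+\s+to:(\S+)")

def parse_snat(line):
    """Parse one SNAT listing line; return None for any other line."""
    m = SNAT_RE.match(line.strip())
    if not m:
        return None
    out, neg, src, to = m.groups()
    return {"out": out, "negated": bool(neg),
            "source": ipaddress.ip_network(src, strict=False),
            "to": ipaddress.ip_address(to)}

def matches_source(rule, addr):
    """True if addr satisfies the rule's (possibly negated) source match."""
    inside = ipaddress.ip_address(addr) in rule["source"]
    return inside != rule["negated"]

def rewritten_local_addrs(rule, local_addrs):
    """Local addresses leaving via the rule's interface that the rule rewrites."""
    hits = []
    for label, addr in local_addrs.items():
        base = label.split(":", 1)[0]  # alias eth0:virt1 leaves via eth0
        if rule["out"] not in ("*", base):
            continue
        if matches_source(rule, addr) and ipaddress.ip_address(addr) != rule["to"]:
            hits.append((label, addr))
    return hits

if __name__ == "__main__":
    rule = parse_snat(RULE)
    for label, addr in rewritten_local_addrs(rule, LOCAL_ADDRS):
        print(f"{label}: source {addr} would be rewritten to {rule['to']}")
```

Any alias address it reports is a source that the negated match does not exempt, which is the condition the report describes for the two external addresses.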
- Status changed from new to accepted
- Summary changed from Bad default firewall POSTROUTING rule. to Bad default firewall POSTROUTING rule for interfaces with alias
- Status changed from accepted to closed
- Resolution set to fixed
- Status changed from closed to reopened
- Resolution fixed deleted
- Summary changed from Bad default firewall POSTROUTING rule for interfaces with alias to Bad default firewall POSTROUTING rule for NAT on interfaces with aliases