[IPTABLES][SecureNAT][DUP] new mode of nat makes server dup

Nemesiz · Post by **Nemesiz** » Thu Jan 07, 2016 5:39 pm

With v4.19-9582-beta version new problems appeared. Turning SecureNAT on any hub Softether creates 2 IPTABLES rules and ping starts DUP.

Example:

Hub 1 configuration:
SecureNat OFF
Bridge tap

Hub 2 configuration:
SecureNat ON
no Bridge

IPTABLES new rules appears after Hub 2 was turned on:

-A OUTPUT ! -s 127.159.195.102/32 ! -d 127.60.251.72/32 -p icmp -m icmp --icmp-type 3/3 -m connmark ! --mark 0x75e87a13 -j DROP
-A OUTPUT ! -s 127.223.44.66/32 ! -d 127.55.3.45/32 -p tcp -m tcp --sport 61001:65535 --tcp-flags RST RST -m connmark ! --mark 0x3de38eb4 -j DROP

Ping result to tap (tap device IP 172.17.1.2, X.X.X.X - public IP):

64 bytes from 172.17.1.2: icmp_seq=178 ttl=64 time=0.045 ms
64 bytes from 172.17.1.2: icmp_seq=179 ttl=64 time=0.052 ms
64 bytes from X.X.X.X: icmp_seq=179 ttl=128 time=0.406 ms (DUP!)
64 bytes from 172.17.1.2: icmp_seq=180 ttl=64 time=0.068 ms
64 bytes from X.X.X.X: icmp_seq=180 ttl=128 time=0.229 ms (DUP!)

Same results come pinging from LAN.

Post by **thisjun** » Thu Jan 21, 2016 7:37 am

It's raw mode secureNAT behavior.
If you don't like it, please disable raw mode SecureNAT.
Please read update history of Build 9582.
http://www.softether.org/5-download/history

[IPTABLES][SecureNAT][DUP] new mode of nat makes server dup

[IPTABLES][SecureNAT][DUP] new mode of nat makes server dup

Re: [IPTABLES][SecureNAT][DUP] new mode of nat makes server