[Bug 227837] Re: [Hardy] overzealous masquerading affects vm to vm traffic

Bryce Harrington bryce at bryceharrington.org
Tue Mar 10 06:49:31 GMT 2009


Heya Bruce,

Thanks for packaging the patch as a debdiff, that helps.

I see this is already fixed in Jaunty, so I'll close the development
task for that.

Because Hardy is already released, the process for getting changes into
it involves a bit more paperwork, and requires structuring the debdiffs
slightly differently.  They are targeted to 'hardy-proposed' instead of
'hardy', and the version numbering increments by .1's.  I fixed up your
debdiff accordingly and include it for your review.

I've also gone ahead and uploaded the fix to hardy-proposed so it'll be
available for testing.

The 'paperwork' is described at
https://wiki.ubuntu.com/StableReleaseUpdates - basically the process is
to help ensure changes that go out to everyone are 100% regression free
and fix issues that really do need fixed.  I'll fill out the bits I
know, could you please fill in the remaining blanks?  That part is
necessary (along with testing) in order to get the fix approved to move
from hardy-proposed to hardy.


** Attachment added: "libvirt_0.4.0-2ubuntu8.2.debdiff"
   http://launchpadlibrarian.net/23692402/libvirt_0.4.0-2ubuntu8.2.debdiff

** Description changed:

  The default masquerade rule appears to be:
  
  iptables -t nat -A POSTROUTING -s 192.168.122.0/24 -j MASQUERADE
  
  but this causes all internally routed guest to guest traffic to be
  masqueraded too (breaking such things as redhat cluster dlm connections
  in my case).
  
  replacing the rule with the following seems to be a good solution:
  
  iptables -t nat -A POSTROUTING -s 192.168.122.0/24 -d ! 192.168.122.0/24
  -j MASQUERADE
+ 
+ [Impact]
+ Causes inappropriate masquerading of internally routed traffic, which makes it difficult to test virtual clusters (among other things)
+ 
+ [How Addressed in Development]
+ This patch is a cherrypick from upstream's git tree.  This fix is already in the version carried in Jaunty today.
+ 
+ [Patch]
+ Attached is a minimal patch fixing the issue, taken from git upstream.
+ 
+ [Reproduction]
+ <steps to reproduce>
+ 
+ [Regression Potential]
+ <discuss how users could be inadvertently affected>

-- 
[Hardy] overzealous masquerading affects vm to vm traffic
https://bugs.launchpad.net/bugs/227837
You received this bug notification because you are a member of Ubuntu
Sponsors for main, which is a direct subscriber.
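
An added example, not part of the original message and not libvirt's own code: a check over `iptables-save` output that flags nat POSTROUTING MASQUERADE rules which still rewrite guest-to-guest traffic, accepting both the `-d ! net` spelling used in the description and the `! -d net` spelling. Only the 192.168.122.0/24 rule comes from the bug report; the other subnets, the sample text and the function names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed iptables-save excerpt; only the 192.168.122.0/24 rule is from the bug report.
SAMPLE = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING -s 192.168.123.0/24 -d ! 192.168.123.0/24 -j MASQUERADE
-A POSTROUTING -s 192.168.124.0/24 ! -d 192.168.124.0/24 -j MASQUERADE
-A POSTROUTING -s 192.168.125.0/24 ! -d 192.168.125.0/25 -j MASQUERADE
COMMIT
"""

def parse_rule(tokens):
    """Return {"-s": (net, negated), "-d": (net, negated), "-j": target} for one rule."""
    rule = {"-s": (None, False), "-d": (None, False), "-j": None}
    negate, i = False, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("-s", "-d") and i + 1 < len(tokens):
            i += 1
            if tokens[i] == "!" and i + 1 < len(tokens):  # older "-d ! net" spelling
                negate, i = True, i + 1
            rule[tok] = (ipaddress.ip_network(tokens[i], strict=False), negate)
        elif tok == "-j" and i + 1 < len(tokens):
            i += 1
            rule["-j"] = tokens[i]
        negate = (tok == "!")  # a leading "!" negates the option that follows it
        i += 1
    return rule

def overbroad_masquerade(save_text):
    """List nat POSTROUTING MASQUERADE rules that also match guest-to-guest traffic."""
    flagged, table = [], None
    for line in map(str.strip, save_text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        if table != "nat" or not line.startswith("-A POSTROUTING "):
            continue
        rule = parse_rule(shlex.split(line))
        (src, src_neg), (dst, dst_neg) = rule["-s"], rule["-d"]
        if rule["-j"] != "MASQUERADE" or src is None or src_neg:
            continue
        # Exempt only if the excluded destination covers the whole source subnet,
        # or a positive destination match cannot include any guest address.
        exempt = dst is not None and (src.subnet_of(dst) if dst_neg else not src.overlaps(dst))
        if not exempt:
            flagged.append(line)
    return flagged
```

On the sample this flags the unrestricted 192.168.122.0/24 rule and the rule whose exclusion covers only half of its subnet.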