COMMAND

    kernel (NAT)

SYSTEMS AFFECTED

    Linux

PROBLEM

    Andrej Todosic found the following.  It was tested on a Linux
    firewall setup running 2.2.5 or 2.2.10 with ipchains + NAT +
    advanced router.  If you are less than nine hops away from it and
    run ping -R (assuming the fw lets the packets go through), you get
    a kernel panic.  This happens only when going through the NAT code.

    Either ping -R a NAT end ip from a real ip (it has to go through
    the fw), or ping -R a real ip from a NATed one.  The fw has to be
    below hop 9 on this road, otherwise it doesn't work.  Result:
    complete kernel panic.

    A similar bug was found in FreeBSD with natd/ipfw.  Scott tested
    it on his own computer (FreeBSD 3.2-STABLE) and the result was an
    immediate reboot without any logging.

SOLUTION

    Here's the patch:

    diff -ur ../vger-990630/linux/net/ipv4/route.c linux/net/ipv4/route.c
    --- ../vger-990630/linux/net/ipv4/route.c       Wed Jun 30 22:22:32 1999
    +++ linux/net/ipv4/route.c      Tue Jul 13 17:00:52 1999
    @@ -957,7 +957,7 @@

            if (rt->key.iif == 0)
                    src = rt->rt_src;
    -       else if (fib_lookup(&rt->key, &res) == 0)
    +       else if (fib_lookup(&rt->key, &res) == 0 && res.type != RTN_NAT)
                    src = FIB_RES_PREFSRC(res);
            else
                    src = inet_select_addr(rt->u.dst.dev, rt->rt_gateway,
    RT_SCOPE_UNIVERSE);
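
    Review bot: the added `res.type != RTN_NAT` test in the `else if`
    has no comment saying why a NAT result must not reach
    FIB_RES_PREFSRC(res), and a successful lookup that returns RTN_NAT
    now falls silently into the same inet_select_addr() branch as a
    failed lookup.  Please add a short comment at the condition naming
    the crash it prevents, and confirm that inet_select_addr() picks
    the intended source address for the NAT case.  Separately, the last
    context line is wrapped (`RT_SCOPE_UNIVERSE);` sits on its own
    line), so the hunk will not apply as pasted.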

    The following firewall rule fixed the problem on the FreeBSD box.
    Adjust it accordingly for the logging options, etc.  Make sure
    it's the 1st rule listed.

        deny log ip from any to any ipopt rr