From 102e9607c63266c7f3413f8dcae51d9476e396e4 Mon Sep 17 00:00:00 2001 From: =?utf8?q?=C5=81ukasz=20Stelmach?= Date: Thu, 21 Aug 2025 12:39:18 +0200 Subject: [PATCH] extensions: man: Add a note about route_localnet sysctl MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit See ip_route_input_slow() in net/ipv4/route.c in the Linux kernel sources. Signed-off-by: Łukasz Stelmach Signed-off-by: Florian Westphal --- extensions/libxt_DNAT.man | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/extensions/libxt_DNAT.man b/extensions/libxt_DNAT.man index 090ecb42..cbfa5478 100644 --- a/extensions/libxt_DNAT.man +++ b/extensions/libxt_DNAT.man @@ -23,6 +23,10 @@ its value is used as offset into the mapping port range. This allows one to crea shifted portmap ranges and is available since kernel version 4.18. For a single port or \fIbaseport\fP, a service name as listed in \fB/etc/services\fP may be used. +If \fIipaddr\fP is an IPv4 loopback address (i.e. 127.0.0.0/8) the +"net.ipv4.conf.*.route_localnet" sysctl for the input interface needs +to be set to 1. Otherwise packets will be dropped by the routing code +as "martians". .TP \fB\-\-random\fP Randomize source port mapping (kernel >= 2.6.22). -- 2.47.2