From: Łukasz Stelmach Date: Thu, 21 Aug 2025 10:38:40 +0000 (+0200) Subject: doc: Add a note about route_localnet sysctl X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=refs%2Fheads%2Fmaster;p=thirdparty%2Fnftables.git doc: Add a note about route_localnet sysctl See ip_route_input_slow() in net/ipv4/route.c in the Linux kernel sources. Signed-off-by: Łukasz Stelmach Signed-off-by: Florian Westphal --- diff --git a/doc/statements.txt b/doc/statements.txt index 4aeb0a73..6226713b 100644 --- a/doc/statements.txt +++ b/doc/statements.txt @@ -459,6 +459,11 @@ netfilter and therefore no reverse translation will take place. The optional *prefix* keyword allows to map *n* source addresses to *n* destination addresses. See 'Advanced NAT examples' below. +If the 'address' for *dnat* is an IPv4 loopback address +(i.e. 127.0.0.0/8) the "net.ipv4.conf.*.route_localnet" sysctl for the +input interface needs to be set to 1. Otherwise packets will be +dropped by the routing code as "martians". + .NAT statement values [options="header"] |==================
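Review bot: In the added paragraph of the doc/statements.txt hunk, the sysctl is written as "net.ipv4.conf.*.route_localnet", and the bare `*` neither tells the reader which entry to set nor stays clear of the asciidoc bold markers used around *dnat* one line earlier. Since the sentence is about the input interface, consider naming it as net.ipv4.conf.<interface>.route_localnet and putting it in literal markup so it renders verbatim. The paragraph also explains only how to stop the routing code from dropping these packets as "martians". The setting is per interface rather than per rule, so it would help to add one sentence advising that the ruleset limit which traffic on that interface may be redirected to 127.0.0.0/8.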