From cbd7aef7637a4ca647380118a2d3e9146121d5d2 Mon Sep 17 00:00:00 2001 From: =?utf8?q?=C5=81ukasz=20Stelmach?= Date: Thu, 21 Aug 2025 12:38:40 +0200 Subject: [PATCH] doc: Add a note about route_localnet sysctl MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit See ip_route_input_slow() in net/ipv4/route.c in the Linux kernel sources. Signed-off-by: Łukasz Stelmach Signed-off-by: Florian Westphal --- doc/statements.txt | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/doc/statements.txt b/doc/statements.txt index 4aeb0a73..6226713b 100644 --- a/doc/statements.txt +++ b/doc/statements.txt @@ -459,6 +459,11 @@ netfilter and therefore no reverse translation will take place. The optional *prefix* keyword allows to map *n* source addresses to *n* destination addresses. See 'Advanced NAT examples' below. +If the 'address' for *dnat* is an IPv4 loopback address +(i.e. 127.0.0.0/8) the "net.ipv4.conf.*.route_localnet" sysctl for the +input interface needs to be set to 1. Otherwise packets will be +dropped by the routing code as "martians". + .NAT statement values [options="header"] |================== -- 2.47.2
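Review bot: the added paragraph in doc/statements.txt tells the reader to set "net.ipv4.conf.*.route_localnet" to 1 but does not mention that the sysctl is not scoped to the *dnat* rule. It stops the routing code from treating 127.0.0.0/8 as martian for all traffic arriving on that input interface. A follow-up sentence would help, advising that the ruleset should explicitly drop other packets addressed to 127.0.0.0/8 on that interface, so that services bound to loopback are reachable only through the intended dnat mapping. Two smaller points on the same lines. The `*` in the sysctl name reads as a placeholder for the interface name, and spelling it as "net.ipv4.conf.<interface>.route_localnet" would remove the ambiguity. It would also avoid a bare asterisk in a file that uses `*...*` for emphasis (*dnat*, *prefix*, *n*), which is worth checking in the rendered man page. The commit message points to ip_route_input_slow() in net/ipv4/route.c, but the documentation text itself gives no pointer. A brief reference to the kernel's ip-sysctl documentation for route_localnet would serve readers who never see the commit log.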