Bug #311

Detecting NAT and firewall rules on an interface is a PITA

Added by Dave Täht on Nov 27, 2011. Updated on Nov 27, 2011.
New Urgent Dave Täht


If there is any one place where I have shot myself in the foot hundreds of times this year alone, it’s on NAT. I keep plugging things into other things and missing a firewall rule or forgetting to turn off nat, and boom, any routing protocol daemon will get confused by this.

Merely ‘remembering’ as the idjit admin involved that interface X is natted is not good enough, at least, not for this idjit.

it would be good if there was a kernel event that a routing daemon could subscribe to, a query, a sysfs file, some sort of API that says ‘yes, virginia, this interface is natted for ipv4’ or ‘natted for ipv6’, and god help you if you announce any routes over it.

Similarly, being able to detect if a major firewall rule was in place, preventing forwarding in particular, would also help.

While you can do this via scripting, or maybe by linking to the iptables library, that’s painfully slow, and there is no ‘event’ per se’ that I know of. Maybe there is, who knows?

this was also sort of discussed on homenet, and when the NAT patches for ipv6 came around, I kind of lost it…


This is a static export of the original bufferbloat.net issue database. As such, no further commenting is possible; the information is solely here for archival purposes.
RSS feed

Recent Updates

Oct 20, 2023 Wiki page
What Can I Do About Bufferbloat?
Dec 3, 2022 Wiki page
Codel Wiki
Jun 11, 2022 Wiki page
More about Bufferbloat
Jun 11, 2022 Wiki page
Tests for Bufferbloat
Dec 7, 2021 Wiki page
Getting SQM Running Right

Find us elsewhere

Bufferbloat Mailing Lists
#bufferbloat on Twitter
Google+ group
Archived Bufferbloat pages from the Wayback Machine


Comcast Research Innovation Fund
Nlnet Foundation
Shuttleworth Foundation

Bufferbloat Related Projects

OpenWrt Project
Congestion Control Blog
Flent Network Test Suite
The Cake shaper
CeroWrt (where it all started)

Network Performance Related Resources

Jim Gettys' Blog - The chairman of the Fjord
Toke's Blog - Karlstad University's work on bloat
Voip Users Conference - Weekly Videoconference mostly about voip
Candelatech - A wifi testing company that "gets it".