[Bug 71] dnat breaks connection tracking?

bugzilla-daemon@netfilter.org bugzilla-daemon@netfilter.org
Mon, 31 Mar 2003 01:58:03 +0200


------- Additional Comments From mbm@alt.org  2003-03-31 01:53 -------
Created an attachment (id=16)

------- Additional Comments From mbm@alt.org  2003-03-31 01:58 -------
It's just a stock 2.4.20 kernel

ifconfig eth0 netmask up
ifconfig eth0:0 netmask up
route add default gw

iptables -t nat -A PREROUTING -p tcp -s \! -d -j LOG --log-prefix "DNAT:"
iptables -t nat -A PREROUTING -p tcp -s \! -d -j DNAT

iptables -A INPUT -m state --state RELATED -j LOG --log-prefix "RELATED:"
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s -j ACCEPT
iptables -A INPUT -p tcp -m multiport -m state --state NEW --destination-port 21,22 -j ACCEPT

iptables -A INPUT -j LOG --log-prefix "REJECT:"
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
