[Bug 71] dnat breaks connection tracking?

bugzilla-daemon@netfilter.org bugzilla-daemon@netfilter.org
Mon, 31 Mar 2003 10:03:04 +0200


https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=71





------- Additional Comments From mbm@alt.org  2003-03-31 10:03 -------
Alright, I missed the "decision 'RELATED or not' happens before NAT is done"
remark in that last comment and only now realized it after walking through the code.

The packets don't match coming in; it's not until after the dnat in the
prerouting that they'd ever match and there's no connection tracking hook there.
(I'd consider this a bug)

I'm still working my way through the netfilter code so feel free to jump in and
correct me at any point; it looks like what I need is to patch
ip_conntrack_standalone.c so that there's another call to ip_conntrack_in. It
only matters for NF_IP_LOCAL_IN, probably set at NF_IP_PRI_LAST.


