[Bug 71] dnat breaks connection tracking?

bugzilla-daemon@netfilter.org bugzilla-daemon@netfilter.org
Mon, 31 Mar 2003 12:29:13 +0200


https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=71





------- Additional Comments From laforge@netfilter.org  2003-03-31 12:29 -------
I'm still not sure whether I understand correctly where the problem is.

Usually the flow of events is:

first packet of control connection comes in:
- conntrack entry is created at PRE_ROUTING
- NAT code assigns a nat binding to the connection (using PREROUTING+DNAT)
- NAT binding is applied to this and every further packet in this connection
- ip_conntrack_ftp detects PASV/PORT and raises an expectation
- ip_nat_ftp alters this expectation to consider DNAT that happened
- first packet of data connection is coming in
- tuple of packet (with NAT'ed addresses) matches the tuple in the expectation
- expectfn() of ip_nat_ftp configures NAT bindings of data connection
- nat bindings are applied to this and all further packets.

So from what I gather, something in ip_nat_ftp seems not to be working, not
manipulating the expectation as intended.  Can you try to turn debugging in
ip_nat_ftp.c on (and/or insert a few printk's?)




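A toy model of the flow described in the comment above, added here as an illustration (it is not part of the bug report or of the netfilter source): it shows why the first packet of the data connection gets no NAT binding when the NAT helper does not alter the expectation. The passive-mode scenario, the addresses, port 40000 and all function names are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Toy model of the flow in the comment above; not kernel code.
 * All addresses and the port are constructed sample values. */
#define CLIENT "198.51.100.7"   /* FTP client */
#define PUBLIC "203.0.113.1"    /* address the PREROUTING DNAT rule matches */
#define SERVER "10.0.0.5"       /* real server behind the DNAT */

struct tuple { const char *src, *dst; int dport; };
struct expectation { struct tuple t; const char *real_dst; };

static int tuple_eq(const struct tuple *a, const struct tuple *b)
{
    return !strcmp(a->src, b->src) && !strcmp(a->dst, b->dst) &&
           a->dport == b->dport;
}

/* Conntrack helper step: a PASV reply was seen, expect client -> server. */
static struct expectation ct_ftp_expect(int port)
{
    struct expectation e = { { CLIENT, SERVER, port }, SERVER };
    return e;
}

/* NAT helper step: point the expectation at the pre-DNAT address, which
 * is the destination the first data packet carries when it arrives. */
static void nat_ftp_alter(struct expectation *e)
{
    e->t.dst = PUBLIC;
}

/* Returns the data connection's destination after NAT, or NULL when the
 * first data packet matches no expectation and gets no NAT binding. */
static const char *simulate(int nat_helper_works)
{
    struct expectation e = ct_ftp_expect(40000);
    struct tuple pkt = { CLIENT, PUBLIC, 40000 };  /* as sent by client */
    if (nat_helper_works)
        nat_ftp_alter(&e);
    return tuple_eq(&pkt, &e.t) ? e.real_dst : NULL;
}

int main(void)
{
    const char *ok = simulate(1), *bad = simulate(0);
    printf("helper working: %s\nhelper broken:  %s\n",
           ok ? ok : "(unmatched)", bad ? bad : "(unmatched)");
    return 0;
}
```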