[Bug 554] Packet illegaly bypassing SNAT

bugzilla-daemon at bugzilla.netfilter.org bugzilla-daemon at bugzilla.netfilter.org
Wed May 2 07:38:51 CEST 2007


https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=554
------- Additional Comments From renean at gmx.de  2007-05-02 07:38 MET -------
I think the problem you describe has nothing to do with mine. I have only one
ISP on my machine. The environment before and after my router is Ethernet. I
reproduced it using only internal traffic in my home Ethernet.

After some research I came across some kernel patches. It seems that reset packets
no longer establish a new entry in conntrack. Without that entry, INVALID
packets reach the SNAT and get through it.

For fast reproduction without nmap tricks, simply download
something really small with BitTorrent. Under this condition, many packets
matching that criterion are generated and (without the hotfix) pass through the
router un-NATed.

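As an added illustration (not part of the bug report and not netfilter's own code), the following Python model replays the mechanism the comment describes: SNAT is bound to a conntrack entry, so a packet that conntrack classifies as INVALID (here a bare RST for a flow it has never seen) never consults the nat table and leaves the router with its private source address unless the filter FORWARD chain drops it first. The LAN prefix, router WAN address, peer address and the three-packet trace are constructed for the example, and the conntrack logic is a deliberate simplification of the real TCP tracker.

```python
"""Toy model of the netfilter conntrack/NAT path (illustrative only, not
netfilter code) showing why an INVALID packet can leave un-NATed.

Constructed addresses: LAN 192.168.1.0/24 behind a router whose WAN
address is 203.0.113.7; a BitTorrent peer at 198.51.100.5:6881."""

from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

LAN_PREFIX = "192.168.1."      # constructed: internal network prefix
ROUTER_WAN_IP = "203.0.113.7"  # constructed: SNAT --to-source address


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags as a string, e.g. "S", "A", "R"


@dataclass
class ConntrackEntry:
    nat_src: Optional[str] = None  # SNAT binding chosen for this flow, if any


FlowKey = Tuple[str, int, str, int]


class Router:
    """Minimal model: conntrack classification, FORWARD filter, POSTROUTING SNAT."""

    def __init__(self, drop_invalid: bool) -> None:
        # drop_invalid models `-A FORWARD -m conntrack --ctstate INVALID -j DROP`
        self.drop_invalid = drop_invalid
        self.table: Dict[FlowKey, ConntrackEntry] = {}
        self.wire: List[Packet] = []  # packets that left the WAN interface

    @staticmethod
    def key(pkt: Packet) -> FlowKey:
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport)

    def classify(self, pkt: Packet) -> str:
        """Conntrack state. As the comment describes for the patched kernels,
        a bare RST with no existing entry does not create one, so it is
        INVALID rather than NEW (simplified: only a SYN opens a flow here)."""
        if self.key(pkt) in self.table:
            return "ESTABLISHED"
        if pkt.flags == "S":
            return "NEW"
        return "INVALID"

    def forward(self, pkt: Packet) -> str:
        state = self.classify(pkt)
        if state == "NEW":
            self.table[self.key(pkt)] = ConntrackEntry()
        # filter FORWARD: the only place an INVALID packet can be stopped
        if state == "INVALID" and self.drop_invalid:
            return "DROPPED"
        # nat POSTROUTING: SNAT is bound to the conntrack entry. A packet with
        # no entry never consults the nat table, so it keeps its private
        # source address. (Real SNAT may also rewrite the source port; this
        # model only rewrites the address.)
        entry = self.table.get(self.key(pkt))
        out = pkt
        if entry is not None and pkt.src.startswith(LAN_PREFIX):
            if entry.nat_src is None:
                entry.nat_src = ROUTER_WAN_IP
            out = Packet(entry.nat_src, pkt.sport, pkt.dst, pkt.dport, pkt.flags)
        self.wire.append(out)
        return state


def wire_sources(drop_invalid: bool) -> List[str]:
    """Replay a constructed trace and return the source addresses seen on the
    WAN side: a normal flow start plus one of the stray RSTs a BitTorrent
    client emits for a connection conntrack has never seen."""
    peer = "198.51.100.5"
    trace = [
        Packet("192.168.1.10", 40000, peer, 6881, "S"),  # NEW, gets SNAT binding
        Packet("192.168.1.10", 40000, peer, 6881, "A"),  # ESTABLISHED, SNATed
        Packet("192.168.1.10", 40001, peer, 6881, "R"),  # no entry -> INVALID
    ]
    router = Router(drop_invalid=drop_invalid)
    for pkt in trace:
        router.forward(pkt)
    return [p.src for p in router.wire]


if __name__ == "__main__":
    print("without INVALID drop:", wire_sources(drop_invalid=False))
    print("with INVALID drop:   ", wire_sources(drop_invalid=True))
```

Without the INVALID drop the third packet reaches the wire with source 192.168.1.10, which is the leak the report describes; with it, only the two SNATed packets leave. On a real router the corresponding safeguard is a rule in the filter FORWARD chain such as `iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP` (older rulesets spell it `-m state --state INVALID`), placed before any rule that accepts LAN-to-WAN traffic, since the nat POSTROUTING chain is never consulted for packets that have no conntrack entry.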