[Bug 839] New: SNAT66 does not work for bidirectional UDP

Tue Aug 6 12:18:39 CEST 2013

https://bugzilla.netfilter.org/show_bug.cgi?id=839

           Summary: SNAT66 does not work for bidirectional UDP
           Product: netfilter/iptables
           Version: unspecified
          Platform: x86_64
        OS/Version: Gentoo
            Status: NEW
          Severity: normal
          Priority: P5
         Component: NAT
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: saltyacid at gmail.com
   Estimated Hours: 0.0

Created attachment 410
  --> https://bugzilla.netfilter.org/attachment.cgi?id=410
kernel configuration

Tested on linux 3.10.4 gentoo KVM with iptables v1.4.19.1. I have attached the
kernel configuration file.

Setup SNAT using:
ip6tables -t nat -A POSTROUTING -o eth2 -j SNAT --to <public_ip6_addr>
Also tested with -p udp and using -s ip6_addr instead of -o but the result is
the same...

We send a packet from COMP1 which is behind NAT and attached to the gentoo
machine performing NAT via eth1, and COMP2 attached via eth2 will reply. When
using TCP or ICMPv6 everything works as expected but with UDP the reply is
dropped by the NAT device. So the first packet, sent from behind NAT is
properly translated and then received by COMP2, but the reply does not leave
netfilter on gentoo machine.

Using conntrack -f ipv6 -L it is possible to see that connection tracking is
set up as expected (but it is marked UNREPLIED - in the IPv4 case it does say
ASSURED).

Any ideas?

-- 
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.