[Bug 1613] SSH disconnects when adding Masquerade rule

bugzilla-daemon at netfilter.org
Sat Sep 30 17:17:55 CEST 2023


https://bugzilla.netfilter.org/show_bug.cgi?id=1613

Florian Westphal <fw at strlen.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fw at strlen.de

--- Comment #1 from Florian Westphal <fw at strlen.de> ---
This behaviour is expected.
On a clean-slate system, adding the masquerading rule enables connection
tracking.  Conntrack defaults to mid-stream pickup enabled
(net.netfilter.nf_conntrack_tcp_loose=1).
You can set this to 0 to avoid the pickup.
Or you can restrict the masquerade rule to "ct state new" to avoid nat kicking
in for picked-up connections.

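The following check is an added example, not part of the original comment or of netfilter's own tooling. It flags the combination comment #1 describes: mid-stream pickup enabled together with a masquerade rule that is not limited to "ct state new". The function names and the sample ruleset (table, chain and interface names) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit for the situation described in comment #1.
# Either mitigation named there (tcp_loose=0, or "ct state new") clears it.

# Constructed sample in `nft list ruleset` format; all names are made up.
sample_ruleset() {
    cat <<'EOF'
table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "eth0" masquerade
        oifname "wg0" ct state new masquerade
    }
}
EOF
}

# Read a ruleset on stdin and print each masquerade rule that is not
# restricted to exactly "ct state new" (sets such as "{ new }" or
# "new,established" are reported too, erring on the side of a warning).
unguarded_masq() {
    awk '
        /^[ \t]*chain / { chain = $2 }
        /(^|[ \t])masquerade([ \t]|$)/ && !/ct state new([ \t]|$)/ {
            sub(/^[ \t]+/, "")
            print chain ": " $0
        }'
}

# audit LOOSE_VALUE < ruleset
# Returns 1 only when pickup is enabled AND an unguarded rule exists.
audit() {
    loose=$1
    hits=$(unguarded_masq)
    if [ "$loose" = "0" ]; then
        echo "ok: mid-stream pickup disabled"; return 0
    fi
    if [ -z "$hits" ]; then
        echo "ok: masquerade rules limited to ct state new"; return 0
    fi
    echo "at risk: nf_conntrack_tcp_loose=$loose with unguarded rules:"
    echo "$hits"
    return 1
}

# Demo on the constructed sample. On a live host (as root) use instead:
#   nft list ruleset | audit "$(sysctl -n net.netfilter.nf_conntrack_tcp_loose)"
sample_ruleset | audit 1 || true
```

Run it before loading a NAT ruleset over a remote session; a non-zero result means already-established TCP flows, such as the SSH session itself, can be picked up and masqueraded.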