[Bug 71] dnat breaks connection tracking?
bugzilla-daemon@netfilter.org
Thu, 03 Apr 2003 04:40:58 +0200
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=71
------- Additional Comments From mbm@alt.org 2003-04-03 04:40 -------
Hmm, I was on the wrong track before with just calling ip_conntrack_in; while that works for the
basic problem, it doesn't address the larger issues.
Let's try solving a slightly more complex problem:
1. packet comes in
2. connection tracking says new, unrelated
3. dnat'd to one of the machine's alternate ip addresses
4. connection tracking now picks up the connection as expected (due to the dnat)
5. expect requests another nat
6. dnat'd to another machine on the local subnet
With the stock netfilter code I'd have trouble going from steps 3->4; at the end of 3 my packet
wouldn't be related and would simply be dropped. If I simply try to call resolve_ct again at step 3, I
can accomplish step 4, but it's probably too late to hit step 6 as I'm already out, or on my way out, of
the nat code.
Ideas?