[Bug 71] dnat breaks connection tracking?

bugzilla-daemon@netfilter.org bugzilla-daemon@netfilter.org
Mon, 31 Mar 2003 01:58:03 +0200

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=71

------- Additional Comments From mbm@alt.org  2003-03-31 01:53 -------
Created an attachment (id=16)
config-2.4.20


------- Additional Comments From mbm@alt.org  2003-03-31 01:58 -------
It's just a stock 2.4.20 kernel

ifconfig eth0 192.168.1.2 netmask 255.255.255.0 up
ifconfig eth0:0 24.247.211.234 netmask 255.255.255.255 up
route add default gw 192.168.1.1

iptables -t nat -A PREROUTING -p tcp -s \! 192.168.1.0/24 -d 192.168.1.2 -j LOG --log-prefix "DNAT:"
iptables -t nat -A PREROUTING -p tcp -s \! 192.168.1.0/24 -d 192.168.1.2 -j DNAT --to-destination 24.247.211.234

iptables -A INPUT -m state --state RELATED -j LOG --log-prefix "RELATED:"
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp -m multiport -m state --state NEW --destination-port 21,22 -j ACCEPT

iptables -A INPUT -j LOG --log-prefix "REJECT:"
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
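For readers trying to follow what the ruleset above does to a connection, the following is an added model of the netfilter path it exercises; it is not part of the bug report and not netfilter or iptables code. It models three things: a nat/PREROUTING DNAT rule that is consulted only for the first packet of a flow, a conntrack table keyed on the pre-NAT tuple with the NAT mapping recorded in the entry's reply tuple, and the filter/INPUT chain exactly as posted. There is no TCP state machine, no timeouts and no RELATED (helper) handling; the client addresses 203.0.113.5 and 192.168.1.7 and the port numbers are constructed test data.

```python
# Toy model of DNAT + conntrack + INPUT for the ruleset in the report (added
# illustration, not netfilter code; client addresses are constructed).
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Tuple

LAN = ip_network("192.168.1.0/24")
LOCAL_ADDRS = {"127.0.0.1", "192.168.1.2", "24.247.211.234"}  # lo, eth0, eth0:0
DNAT_TARGET = "24.247.211.234"

Key = Tuple[str, str, int, str, int]  # (proto, src, sport, dst, dport)


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    iface: str = "eth0"  # arrival interface; "lo" for loopback

    def key(self) -> Key:
        return (self.proto, self.src, self.sport, self.dst, self.dport)


@dataclass
class Conn:
    orig: Key          # first packet's tuple, before NAT
    reply: Key         # tuple a reply carries, i.e. after NAT
    seen_reply: bool = False


@dataclass
class Conntrack:
    by_orig: Dict[Key, Conn] = field(default_factory=dict)
    by_reply: Dict[Key, Conn] = field(default_factory=dict)


def prerouting_dnat(pkt: Packet) -> Optional[str]:
    """nat/PREROUTING: -p tcp -s ! 192.168.1.0/24 -d 192.168.1.2 -j DNAT --to 24.247.211.234"""
    if pkt.proto == "tcp" and ip_address(pkt.src) not in LAN and pkt.dst == "192.168.1.2":
        return DNAT_TARGET
    return None


def track(ct: Conntrack, pkt: Packet) -> Tuple[Packet, str]:
    """Conntrack lookup plus NAT for one packet; returns (translated packet, state)."""
    k = pkt.key()
    if k in ct.by_orig:
        conn, direction = ct.by_orig[k], "ORIGINAL"
    elif k in ct.by_reply:
        conn, direction = ct.by_reply[k], "REPLY"
    else:
        # First packet of a flow: the nat table is consulted once and the
        # resulting mapping is stored in the reply tuple of the new entry.
        new_dst = prerouting_dnat(pkt) or pkt.dst
        conn = Conn(orig=k, reply=(pkt.proto, new_dst, pkt.dport, pkt.src, pkt.sport))
        ct.by_orig[k] = conn
        ct.by_reply[conn.reply] = conn
        direction = "ORIGINAL"
    if direction == "ORIGINAL":
        state = "ESTABLISHED" if conn.seen_reply else "NEW"
        # Later packets of the flow reuse the stored mapping, not a new rule lookup.
        out = Packet(pkt.proto, pkt.src, pkt.sport, conn.reply[1], conn.reply[2], pkt.iface)
    else:
        conn.seen_reply = True
        state = "ESTABLISHED"
        # Reply direction: the DNAT is undone, so the client sees 192.168.1.2 again.
        out = Packet(pkt.proto, conn.orig[3], conn.orig[4], pkt.dst, pkt.dport, pkt.iface)
    return out, state


def filter_input(pkt: Packet, state: str) -> str:
    """filter/INPUT chain from the report, evaluated in order; returns the verdict."""
    if state in ("ESTABLISHED", "RELATED"):
        return "ACCEPT"
    if pkt.iface == "lo":
        return "ACCEPT"
    if ip_address(pkt.src) in LAN:
        return "ACCEPT"
    if pkt.proto == "tcp" and state == "NEW" and pkt.dport in (21, 22):
        return "ACCEPT"
    if pkt.proto == "tcp":
        return "REJECT tcp-reset"
    return "POLICY"  # non-TCP falls through to the chain policy, which the report does not show


def deliver(ct: Conntrack, pkt: Packet) -> Tuple[Packet, str, str]:
    """Inbound packet on eth0: PREROUTING (conntrack + DNAT), routing, then INPUT."""
    translated, state = track(ct, pkt)
    if translated.dst not in LOCAL_ADDRS:
        raise ValueError("not a local address after NAT; would go to FORWARD")
    return translated, state, filter_input(translated, state)


def run_scenario() -> Dict[str, object]:
    ct = Conntrack()
    client = Packet("tcp", "203.0.113.5", 40000, "192.168.1.2", 22)
    first = deliver(ct, client)
    # The host answers from the DNAT'd address; the reply leaves via OUTPUT,
    # matches the reply tuple and is un-NATed on the way out.
    reply = track(ct, Packet("tcp", "24.247.211.234", 22, "203.0.113.5", 40000))
    second = deliver(ct, client)
    web = deliver(ct, Packet("tcp", "203.0.113.5", 40001, "192.168.1.2", 80))
    lan = deliver(ct, Packet("tcp", "192.168.1.7", 5000, "192.168.1.2", 80))
    return {"first": first, "reply": reply, "second": second, "web": web,
            "lan": lan, "entries": len(ct.by_orig)}


if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(name, result)
```

Running it shows the point that matters for the posted rules: the first external SYN to 192.168.1.2:22 is NEW, arrives in INPUT with destination 24.247.211.234 and is accepted by the port-22 rule; the host's reply matches the entry's reply tuple and is translated back to 192.168.1.2; the client's next packet is then ESTABLISHED and accepted by the state rule. A connection to a port the rules do not open is still DNAT'd but hits the final REJECT, and a LAN source is never DNAT'd because of the negated `-s` match.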