[Bug 71] dnat breaks connection tracking?
bugzilla-daemon@netfilter.org
bugzilla-daemon@netfilter.org
Mon, 31 Mar 2003 12:29:13 +0200
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=71
------- Additional Comments From laforge@netfilter.org 2003-03-31 12:29 -------
I'm still not sure whether I understand correctly where the problem is.
Usually the flow of events is:
first packet of control connection comes in:
- conntrack entry is created at PRE_ROUTING
- NAT code assigns a nat binding to the connection (using PREROUTING+DNAT)
- NAT binding is applied to this and every further packet in this connection
- ip_conntrack_ftp detects PASV/PORT and raises an expectation
- ip_nat_ftp alters this expectation to consider DNAT that happened
- first packet of data connection is coming in
- tuple of packet (with NAT'ed addresses) matches the tuple in the expectation
- expectfn() of ip_nat_ftp configures NAT bindings of data connection
- nat bindings are applied to this and all further packets.
So from what I gather, something in ip_nat_ftp seems not to be working, not
manipulating the expectation as intended. Can you try to turn debugging in
ip_nat_ftp.c on (and/or insert a few printk's?)
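The flow listed in the comment above, as a small Python model. This is an added example, not part of the bug comment and not kernel code. It assumes a passive-mode FTP server behind PREROUTING DNAT; the addresses, the port and all names (`Model`, `run`, `nat_helper_works`) are constructed, and the payload rewrite is the NAT helper's usual behaviour rather than something the comment states.

```python
import re

# Constructed addresses: client, the public address that is DNATed, the real server.
CLIENT, PUBLIC, SERVER = "198.51.100.7", "203.0.113.1", "10.0.0.2"
PASV = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


class Model:
    """Toy model of the steps in the comment; not kernel code."""

    def __init__(self, nat_helper_works=True):
        self.nat_helper_works = nat_helper_works
        self.expectations = {}  # expected tuple -> NAT binding for the data connection

    def control_reply(self, payload):
        """Server's 227 reply crossing the NAT box on the control connection."""
        m = PASV.search(payload)
        if m is None:
            return payload
        n = [int(x) for x in m.groups()]
        ip, port = ".".join(map(str, n[:4])), n[4] * 256 + n[5]
        expected = (CLIENT, ip, port)  # what the conntrack helper raises
        if self.nat_helper_works:
            # NAT helper: account for the DNAT, so the expectation and the
            # address the client is told both use the public address.
            expected = (CLIENT, PUBLIC, port)
            shown = PUBLIC.replace(".", ",")
            payload = PASV.sub(f"({shown},{n[4]},{n[5]})", payload)
        self.expectations[expected] = (ip, port)
        return payload

    def first_data_packet(self, src, dst, dport):
        """Return the DNAT target set up for an expected data connection, else None."""
        return self.expectations.pop((src, dst, dport), None)


def run(nat_helper_works):
    m = Model(nat_helper_works)
    reply = m.control_reply("227 Entering Passive Mode (10,0,0,2,195,80)")
    # The client can only reach the public address, whatever the reply says.
    return reply, m.first_data_packet(CLIENT, PUBLIC, 195 * 256 + 80)


if __name__ == "__main__":
    print(run(True))   # expectation matches, data connection gets its binding
    print(run(False))  # expectation left unaltered: no match, no binding
```

With `nat_helper_works=False` the model shows the suspected failure: the expectation still carries the internal address, so the first data packet does not match it.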