[Bug 552] Strange DNAT behaviour... packet don't pass to PREROUTING
and go directly in INPUT !!
bugzilla-daemon at bugzilla.netfilter.org
Mon Mar 5 19:05:30 CET 2007
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=552
------- Additional Comments From kaber at trash.net 2007-03-05 19:05 MET -------
DNAT only works on packets that connection tracking regards as valid, so the
most likely reason is that TCP window tracking for some reason thinks they are
not (retransmits, ...).
You can try:
a) echo 255 >/proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid
to log these packets and the reason why conntrack thinks they're invalid, or
b) iptables -t mangle -A PREROUTING -m state --state INVALID -j DROP
to drop them.
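The log lines that option (a) produces are easier to act on once tallied. As an added example (not part of the original comment or of the netfilter project), this shell function groups them by reason, source address and destination port. The sample lines are constructed, and their shape (an `ip_ct_tcp:` or `nf_ct_tcp:` prefix, the reason, then LOG-style `KEY=VALUE` fields) is an assumption.

```shell
#!/bin/sh
# Added example: tally conntrack "invalid packet" log lines.
# Assumed line shape (not taken from the bug report):
#   <syslog header> ip_ct_tcp: <reason> IN= OUT= SRC=.. DST=.. ... DPT=..

# Reads kernel log text on stdin, prints "count|reason|src|dpt", busiest first.
summarize_invalid() {
    awk '
    # Accept both the older ip_ct_* and the newer nf_ct_* prefixes.
    match($0, /(ip|nf)_ct_[a-z]+: /) {
        rest = substr($0, RSTART + RLENGTH)
        # The reason is the free text before the first KEY=VALUE field.
        cut = match(rest, / [A-Z]+=/)
        reason = (cut > 0) ? substr(rest, 1, cut - 1) : rest
        src = "-"; dpt = "-"
        n = split(rest, f, " ")
        for (i = 1; i <= n; i++) {
            if (f[i] ~ /^SRC=/) src = substr(f[i], 5)
            if (f[i] ~ /^DPT=/) dpt = substr(f[i], 5)
        }
        count[reason "|" src "|" dpt]++
    }
    END { for (k in count) printf "%d|%s\n", count[k], k }
    ' | sort -t"|" -k1,1nr -k2
}

# Constructed sample input (documentation addresses, hypothetical host "gw").
sample_log() {
cat <<'EOF'
Mar  5 19:01:02 gw kernel: ip_ct_tcp: invalid packet ignored IN= OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=52 TTL=57 ID=4242 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=501 RES=0x00 ACK URGP=0
Mar  5 19:01:03 gw kernel: ip_ct_tcp: invalid packet ignored IN= OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=52 TTL=57 ID=4243 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=501 RES=0x00 ACK URGP=0
Mar  5 19:01:04 gw kernel: eth0: link up, 100Mbps, full-duplex
Mar  5 19:01:05 gw kernel: ip_ct_tcp: bad TCP checksum IN= OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=60 TTL=49 ID=9 DF PROTO=TCP SPT=51000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  5 19:01:07 gw kernel: ip_ct_tcp: invalid packet ignored IN= OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=52 TTL=57 ID=4244 DF PROTO=TCP SPT=40113 DPT=80 WINDOW=501 RES=0x00 ACK URGP=0
EOF
}

sample_log | summarize_invalid
```

On a live system, feed it the kernel log instead of the sample, for example `dmesg | summarize_invalid`.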