[Bug 1346] New: REDIRECT tftp doesn't work with docker
bugzilla-daemon at netfilter.org
Thu Jun 27 18:07:33 CEST 2019
https://bugzilla.netfilter.org/show_bug.cgi?id=1346
Bug ID: 1346
Summary: REDIRECT tftp doesn't work with docker
Product: netfilter/iptables
Version: unspecified
Hardware: x86_64
OS: Ubuntu
Status: NEW
Severity: enhancement
Priority: P5
Component: nf_conntrack
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: maxim.kaskevich at gmail.com
The REDIRECT target for tftp traffic doesn't work with a tftp server launched inside
a docker container. Not sure it's an iptables bug, but the same thing for http/https
works fine.
How to reproduce
On host machine:
# modprobe nf_conntrack_tftp
# sudo iptables -t nat -A PREROUTING -m mac --mac-source <REMOTE DEVICE MAC> -p udp --dport 69 -j REDIRECT --to-port 6969
# echo TEST > /var/tftpboot/hello.txt
# docker run -p 6969:69/udp -v /var/tftpboot:/var/tftpboot pghalliday/tftp
On device with <REMOTE DEVICE MAC>:
# tftp -g -r hello.txt <my ip>
Expect: file is downloaded
Actual results: "tftp: timeout"
System:
4.15.0-52-generic #56-Ubuntu SMP Tue Jun 4 22:49:08 UTC 2019 x86_64
Additional info:
- "conntrack -L" shows that packets from remote device are "[UNREPLIED]"
- "tftp -g -r hello.txt <my ip> 6969" works fine
- I checked in the same environment: if, instead of docker, I run a regular tftp
server (I used tftpd-hpa) and configure it to port 6969, the tftp command on the
remote device works fine.