[Bug 1427] New: cannot reuse source port to a DNATed IP if it is being used by another connection
bugzilla-daemon at netfilter.org
Thu May 21 17:51:52 CEST 2020
https://bugzilla.netfilter.org/show_bug.cgi?id=1427
Bug ID: 1427
Summary: cannot reuse source port to a DNATed IP if it is
being used by another connection
Product: netfilter/iptables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: NAT
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: antonio.ojea.garcia at gmail.com
Scenario:
There is one established connection IP1:Port1 -> IP2:Port2.
There is a DNAT rule like IP3:Port3 -> IP2:Port2.
If a new connection is created from IP1 to IP3:Port3,
and this connection has source port Port1,
the connection cannot be established,
because the incoming packet is not de-NATed.
The bug was originally reported in Kubernetes:
https://github.com/kubernetes/kubernetes/issues/90258
but I was able to reproduce it here:
https://gist.github.com/aojea/4ffb520db9f72de21685294d8fec7f33
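The tuple arithmetic behind the scenario above, as an added example that is not part of the bug report, the linked gist, or netfilter's own code. Conntrack keys every connection on both its original tuple and its reply tuple; DNAT rewrites only the destination of the original direction, so the new flow IP1:Port1 -> IP3:Port3 gets the reply tuple IP2:Port2 -> IP1:Port1, which is exactly the reply tuple of the already established IP1:Port1 -> IP2:Port2 connection. The model below is a simplification of that bookkeeping (the addresses, ports and class names are placeholders chosen for this example): a reply packet from IP2:Port2 can only be matched to one entry, so the DNATed connection never gets its reply de-NATed, while the same connection with a different source port, or the same source port without the DNAT rule in the way, works fine.

```python
"""Toy model of conntrack tuple bookkeeping under DNAT (constructed example,
not netfilter code). Shows why a DNATed flow whose reply tuple already
belongs to another connection cannot be set up."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class FlowTuple:
    """One direction of a 4-tuple (protocol omitted for brevity)."""
    src: str
    sport: int
    dst: str
    dport: int

    def reverse(self) -> "FlowTuple":
        return FlowTuple(self.dst, self.dport, self.src, self.sport)


class ConntrackModel:
    """Minimal stand-in for the conntrack table plus DNAT mappings.

    Every confirmed connection is indexed under both its original tuple and
    its reply tuple, because packets in either direction must find it.
    """

    def __init__(self, dnat_rules: Dict[Tuple[str, int], Tuple[str, int]]):
        # {(virtual_ip, virtual_port): (real_ip, real_port)}  -- assumed rule shape
        self.dnat = dict(dnat_rules)
        self.by_tuple: Dict[FlowTuple, int] = {}
        self.conns: Dict[int, Tuple[FlowTuple, FlowTuple]] = {}

    def apply_dnat(self, orig: FlowTuple) -> FlowTuple:
        """DNAT rewrites the destination only; the source port is untouched."""
        target = self.dnat.get((orig.dst, orig.dport))
        if target is None:
            return orig
        return FlowTuple(orig.src, orig.sport, target[0], target[1])

    def open(self, orig: FlowTuple) -> Optional[int]:
        """Try to create a connection for the first packet of a flow.

        Returns the new connection id, or None when either direction's tuple
        is already owned by another entry (a clash: the new entry cannot be
        confirmed, so replies to it will match the older connection instead).
        """
        natted = self.apply_dnat(orig)
        reply = natted.reverse()
        if orig in self.by_tuple or reply in self.by_tuple:
            return None
        cid = len(self.conns) + 1
        self.conns[cid] = (orig, reply)
        self.by_tuple[orig] = cid
        self.by_tuple[reply] = cid
        return cid

    def lookup(self, pkt: FlowTuple) -> Optional[int]:
        """Which connection an incoming packet with this tuple is matched to."""
        return self.by_tuple.get(pkt)


# Placeholder endpoints standing in for IP1/IP2/IP3 and Port1/Port2/Port3.
IP1, IP2, IP3 = "10.0.0.1", "10.0.0.2", "10.96.0.10"
PORT1, PORT2, PORT3 = 40000, 8080, 80


def scenario() -> Tuple[Optional[int], Optional[int], Optional[int], Optional[int]]:
    """Reproduce the bug report's scenario in the model.

    Returns (existing, clashing, reply_owner, other_port):
      existing    id of IP1:Port1 -> IP2:Port2
      clashing    result of IP1:Port1 -> IP3:Port3 through DNAT (None = clash)
      reply_owner who a reply from IP2:Port2 to IP1:Port1 is matched to
      other_port  id of IP1:Port1+1 -> IP3:Port3, which does not clash
    """
    ct = ConntrackModel({(IP3, PORT3): (IP2, PORT2)})
    existing = ct.open(FlowTuple(IP1, PORT1, IP2, PORT2))
    clashing = ct.open(FlowTuple(IP1, PORT1, IP3, PORT3))
    reply_owner = ct.lookup(FlowTuple(IP2, PORT2, IP1, PORT1))
    other_port = ct.open(FlowTuple(IP1, PORT1 + 1, IP3, PORT3))
    return existing, clashing, reply_owner, other_port


def scenario_without_dnat() -> Optional[int]:
    """Same two flows with no DNAT rule: IP3:Port3 is a distinct endpoint,
    so the reply tuples differ and both connections coexist."""
    ct = ConntrackModel({})
    ct.open(FlowTuple(IP1, PORT1, IP2, PORT2))
    return ct.open(FlowTuple(IP1, PORT1, IP3, PORT3))


if __name__ == "__main__":
    print("with DNAT   :", scenario())          # (1, None, 1, 2)
    print("without DNAT:", scenario_without_dnat())  # 2
```

The model only shows the tuple collision; it does not reproduce the exact kernel path that drops or mis-maps the packet, which is what the linked gist exercises with a real kernel. The practical reading is that from the target's point of view both flows are IP1:Port1 <-> IP2:Port2, and DNAT alone has no freedom to make them distinct because it never rewrites the source port.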