bugzilla-daemon@bugzilla.netfilter.org
2007-Jan-09 14:32 UTC
[Bug 530] New: loading nf_nat version of the iptable_nat module kills existing connections
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=530

Summary: loading nf_nat version of the iptable_nat module kills existing connections
Product: netfilter/iptables
Version: linux-2.6.x
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: nf_conntrack
AssignedTo: yasuyuki.kozakai@toshiba.co.jp
ReportedBy: phelps@gnusto.com

I'm trying to use the new netfilter nf_nat code in linux-2.6.20-rc3 and running into a minor issue: when I load the iptable_nat module, all existing connections stop working, as if the packets are being dropped. This is somewhat irritating since the root partition of the machine in question is mounted via NFS and, of course, that stops working.

I've poked around a bit and this section of nf_nat_standalone.c appears to be the culprit:

    120:    /* Don't try to NAT if this packet is not conntracked */
    121:    if (ct == &nf_conntrack_untracked)
    122:        return NF_ACCEPT;
    123:
    124:    nat = nfct_nat(ct);
 -> 125:    if (!nat)
 -> 126:        return NF_DROP;

If I read this correctly, packets for connections which aren't tracked at all are accepted, but packets for connections which are being tracked but don't have NAT information are dropped. Is there any reason why line 126 shouldn't return NF_ACCEPT?

Thanks,
-Ted