bugzilla-daemon at bugzilla.netfilter.org
2011-Dec-05 20:49 UTC
[Bug 763] New: dnat and snat not changing port numbers on sctp packets
http://bugzilla.netfilter.org/show_bug.cgi?id=763
Summary: dnat and snat not changing port numbers on sctp packets
Product: netfilter/iptables
Version: linux-2.6.x
Platform: x86_64
OS/Version: RedHat Linux
Status: NEW
Severity: normal
Priority: P3
Component: NAT
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy: nbollinger at gmail.com
Estimated Hours: 0.0
Looking at this patch, dnat and snat were changed to modify sctp packets
"Add SCTP/DCCP support to NAT targets"
http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=5a942f9501f7ce287e1c37c553eb02a1e269e081
While dnat and snat do change the destination/source IPs, it's not changing the
port numbers when specified. Is it possible to fix this so that ports can also
be modified?
I'm using iptables v1.4.12.1 with centos 6 kernel 2.6.32-71.29.1.el6.x86_64
This is an example of how I'm trying to use it to forward a sctp port:
iptables -t nat -A PREROUTING -p sctp -s 1.1.1.1 -d 2.2.2.2 --dport 9901 -j DNAT --to-destination 3.3.3.3:9900
iptables -t nat -A POSTROUTING -p sctp -s 2.2.2.2 -d 3.3.3.3 --dport 9900 -j SNAT --to-source 2.2.2.2:9901
