bugzilla-daemon at netfilter.org
2019-Jun-27 16:07 UTC
[Bug 1346] New: REDIRECT tftp doesn't work with docker
https://bugzilla.netfilter.org/show_bug.cgi?id=1346
Bug ID: 1346
Summary: REDIRECT tftp doesn't work with docker
Product: netfilter/iptables
Version: unspecified
Hardware: x86_64
OS: Ubuntu
Status: NEW
Severity: enhancement
Priority: P5
Component: nf_conntrack
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: maxim.kaskevich at gmail.com
REDIRECT target for tftp traffic doesn't work with tftp server launched
inside
docker container. Not sure it's iptables bug but same thing for http/https
works fine.
How to reproduce
On host machine:
# modprobe nf_conntrack_tftp
# sudo iptables -t nat -A PREROUTING -m mac --mac-source <REMOTE DEVICE
MAC> -p
udp --dport 69 -j REDIRECT --to-port 6969
# echo TEST > /var/tftpboot/hello.txt
# docker run -p 6969:69/udp -v /var/tftpboot:/var/tftpboot pghalliday/tftp
On device with <REMOTE DEVICE MAC>:
# tftp -g -r hello.txt <my ip>
Expect: file is downloaded
Actual results: "tftp: timeout"
System:
4.15.0-52-generic #56-Ubuntu SMP Tue Jun 4 22:49:08 UTC 2019 x86_64
Additional info:
- "conntrack -L" shows that packets from remote device are
"[UNREPLIED]"
- "tftp -g -r hello.txt <my ip> 6969" works fine
- I checked on the same enviroment: if instead docker, run regular tftp (I used
tftpd-hpa) and configure it to port 6969, tftp command on remote device works
fine.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190627/23b3531d/attachment.html>
bugzilla-daemon at netfilter.org
2019-Jul-01 16:35 UTC
[Bug 1346] REDIRECT tftp doesn't work with docker
https://bugzilla.netfilter.org/show_bug.cgi?id=1346 --- Comment #1 from Max <maxim.kaskevich at gmail.com> --- Docker version 18.09.5, build e8ff056 -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190701/d853fc75/attachment.html>
Reasonably Related Threads
- Trouble with tftp
- Bug with H323 helper? Shorewall 4.5.16.1 as packaged up for Debian.
- CentOS 6.5: NFS server crashes with list_add corruption errors
- [Bug 1346] PAM environment takes precedence over SendEnv
- [Bug 1346] PAM environment takes precedence over SendEnv