My version is iptables-1.4.11+-21.1.i586
----- Original Message -----
From: "Tom Eastep" <[email protected]>
To: "Shorewall Users" <[email protected]>
Sent: Wednesday, July 6, 2011 23:40:09
Subject: Re: [Shorewall-users] DNAT behaves like DNAT-

On Wed, 2011-07-06 at 23:16 +0200, Alexander Wilms wrote:
> Hi Tom,
>
> here it comes:
>
> Shorewall 4.4.20.3 Chain net2loc0 at fire - Mi 6. Jul 23:14:49 CEST 2011
>
> Counters reset Mi 6. Jul 23:14:15 CEST 2011
>
> Chain net2loc0 (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>   260 61740 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
>     0     0 ACCEPT     89   --  *      *       0.0.0.0/0            0.0.0.0/0
>     0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 /* Ping */
>     0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.2          tcp dpt:22 ctorigdstport 14027 ctorigdst 62.143.214.30

Although the original destination port was 52022, iptables is
interpreting it as 14027. I have the same problem where port 8080 is
being interpreted as 36895.

Looks like the iptables code is missing a call to hton() since 8080 =
0x1f90 and 36895 = 0x901f. In your case, 52022 = 0xcb36 while 15027 =
0x36cb.

Which iptables version are you running? The bug appears in iptables
1.4.11 but is absent in iptables 1.4.8. Probably in Jan's new guided
option parser for ctstate.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
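The byte-order diagnosis suggested in the thread, as an added example that is not part of the original messages and is not iptables source code. It models a 16-bit port stored without network-order conversion on a little-endian host (an assumption, matching the i586 package) and checks a listed rule against the configured port; `shown_port` and `check_rule` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Exchange the two bytes of a 16-bit value. */
static uint16_t swap16(uint16_t v)
{
    return (uint16_t)((v << 8) | (v >> 8));
}

/* Model: the port sits in a 2-byte field that the reader treats as
 * network (big-endian) order. convert=0 models the suspected bug on a
 * little-endian host (assumption: x86), where host order is copied as-is. */
uint16_t shown_port(uint16_t port, int convert)
{
    uint8_t field[2];
    field[0] = (uint8_t)(convert ? port >> 8 : port & 0xff);
    field[1] = (uint8_t)(convert ? port & 0xff : port >> 8);
    return (uint16_t)((field[0] << 8) | field[1]);   /* the ntohs() side */
}

/* Compare the ctorigdstport value in one listed rule with the port that
 * was configured. Returns 0 = match, 1 = byte-swapped (this bug),
 * 2 = some other value, -1 = no ctorigdstport on the line. */
int check_rule(const char *line, uint16_t configured)
{
    unsigned shown;
    const char *p = strstr(line, "ctorigdstport ");
    if (!p || sscanf(p, "ctorigdstport %u", &shown) != 1)
        return -1;
    if (shown == configured)
        return 0;
    return shown == swap16(configured) ? 1 : 2;
}

int main(void)
{
    /* Rule line as posted in the thread; 52022 is the configured port. */
    const char *rule = "0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.2 "
                       "tcp dpt:22 ctorigdstport 14027 ctorigdst 62.143.214.30";
    printf("8080  without conversion: %u\n", (unsigned)shown_port(8080, 0));
    printf("52022 without conversion: %u\n", (unsigned)shown_port(52022, 0));
    printf("52022 with conversion:    %u\n", (unsigned)shown_port(52022, 1));
    /* 20560 = 0x5050: both bytes equal, so this port would hide the bug. */
    printf("20560 without conversion: %u\n", (unsigned)shown_port(20560, 0));
    printf("check_rule: %d\n", check_rule(rule, 52022));
    return 0;
}
```

A rule that carries a byte-swapped ctorigdstport will not match the connections it was written for, so comparing listed rules against the configured ports after an iptables upgrade catches the problem before it shows up as dropped traffic.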
