On Wed, 2011-07-06 at 14:53 -0700, Tom Eastep wrote:

> On Wed, 2011-07-06 at 23:46 +0200, Alexander Wilms wrote: 
> 
> > My version is iptables-1.4.11+-21.1.i586
> 
> 
> That's where the bug is.
> 
> -

Here is a patch to libxt_conntrack.c if you happen to be in a position
to build your own iptables.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

--- libxt_conntrack.c.orig	2011-06-08 06:26:17.000000000 -0700
+++ libxt_conntrack.c	2011-07-06 14:58:55.000000000 -0700
@@ -422,15 +422,15 @@
 			info->invert_flags |= XT_CONNTRACK_EXPIRES;
 		break;
 	case O_CTORIGSRCPORT:
-		info->origsrc_port = cb->val.port_range[0];
-		info->origsrc_port_high = cb->val.port_range[cb->nvals >= 2];
+	        info->origsrc_port = htons(cb->val.port_range[0]);
+		info->origsrc_port_high = htons(cb->val.port_range[cb->nvals >= 2]);
 		info->match_flags |= XT_CONNTRACK_ORIGSRC_PORT;
 		if (cb->invert)
 			info->invert_flags |= XT_CONNTRACK_ORIGSRC_PORT;
 		break;
 	case O_CTORIGDSTPORT:
-		info->origdst_port = cb->val.port_range[0];
-		info->origdst_port_high = cb->val.port_range[cb->nvals >= 2];
+	        info->origdst_port = htons(cb->val.port_range[0]);
+		info->origdst_port_high = htons(cb->val.port_range[cb->nvals >= 2]);
 		info->match_flags |= XT_CONNTRACK_ORIGDST_PORT;
 		if (cb->invert)
 			info->invert_flags |= XT_CONNTRACK_ORIGDST_PORT;
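
Review bot: The htons() calls in the O_CTORIGSRCPORT and O_CTORIGDSTPORT cases put the stored fields into network byte order, but this single hunk only changes the parse side. Any print or save code that reads info->origsrc_port, info->origsrc_port_high, info->origdst_port or info->origdst_port_high directly would need a matching ntohs(), otherwise listings show byte-swapped ports on little-endian hosts. If other cases in this switch fill port fields from cb->val.port_range in the same way, they need the same conversion. As a style point, the first added line in each case is indented with a tab followed by spaces, while the surrounding lines use tabs only.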
