I just wrote that patch and it really isn't the correct one. The attached one is better and I'll submit it to the netfilter team since the online git repository shows the original code.
Cheers, Alex -Tom On Thu, 2011-07-07 at 00:15 +0200, Alexander Wilms wrote: > No need to patch myself, can live with older iptables. > > Goal of my question was just to ask if it would be useful to open a bug > report. > But I guess a bug report exists already as a patch is available. > > Anyway, thank you for your great support, Tom, > > ...as always :-) > > ----- Ursprüngliche Mail ----- > Von: "Tom Eastep" <[email protected]> > An: "Shorewall Users" <[email protected]> > Gesendet: Donnerstag, 7. Juli 2011 00:05:32 > Betreff: Re: [Shorewall-users] DNAT behaves like DNAT- > > > On Wed, 2011-07-06 at 14:53 -0700, Tom Eastep wrote: > > > On Wed, 2011-07-06 at 23:46 +0200, Alexander Wilms wrote: > > My version is iptables-1.4.11+-21.1.i586 > That's where the bug is. > > - > Here is a patch to libxt_conntrack.c if you happen to be in a position to > build your own iptables. > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car http://shorewall.net > \________________________________________________ > ------------------------------------------------------------------------------ > All of the data generated in your IT infrastructure is seriously valuable. > Why? It contains a definitive record of application performance, security > threats, fraudulent activity, and more. Splunk takes this data and makes > sense of it. IT sense. And common sense. > http://p.sf.net/sfu/splunk-d2d-c2 > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > ------------------------------------------------------------------------------ > All of the data generated in your IT infrastructure is seriously valuable. > Why? It contains a definitive record of application performance, security > threats, fraudulent activity, and more. Splunk takes this data and makes > sense of it. IT sense. And common sense. > http://p.sf.net/sfu/splunk-d2d-c2 > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
--- extensions/libxt_conntrack.c.orig 2011-06-08 06:26:17.000000000 -0700
+++ extensions/libxt_conntrack.c 2011-07-06 15:22:03.000000000 -0700
@@ -130,13 +130,13 @@
{.name = "ctexpire", .id = O_CTEXPIRE, .type = XTTYPE_UINT32RC,
.flags = XTOPT_INVERT},
{.name = "ctorigsrcport", .id = O_CTORIGSRCPORT, .type = XTTYPE_PORTRC,
- .flags = XTOPT_INVERT},
+ .flags = XTOPT_INVERT|XTOPT_NBO},
{.name = "ctorigdstport", .id = O_CTORIGDSTPORT, .type = XTTYPE_PORTRC,
- .flags = XTOPT_INVERT},
+ .flags = XTOPT_INVERT|XTOPT_NBO},
{.name = "ctreplsrcport", .id = O_CTREPLSRCPORT, .type = XTTYPE_PORTRC,
- .flags = XTOPT_INVERT},
+ .flags = XTOPT_INVERT|XTOPT_NBO},
{.name = "ctrepldstport", .id = O_CTREPLDSTPORT, .type = XTTYPE_PORTRC,
- .flags = XTOPT_INVERT},
+ .flags = XTOPT_INVERT|XTOPT_NBO},
{.name = "ctdir", .id = O_CTDIR, .type = XTTYPE_STRING},
XTOPT_TABLEEND,
};
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
