Re: Fw: Problems with nf_nat_ftp.ko and nf_conntrack_ftp.ko in 2.6.22.6

I've verified that the module works fine if no bridge is used. Unfortunately the patch doesn't fix the 2-calls-of-the-helper-function problem if a bridge is applied to the system.

Ron
----- Original Message -----
From: "Patrick McHardy" <kaber@xxxxxxxxx>
To: "ron lai" <ronlai@xxxxxxxxxxxxxxx>
Cc: <netfilter@xxxxxxxxxxxxxxx>; <netfilter-devel@xxxxxxxxxxxxxxx>; "Bart De Schuymer" <bdschuym@xxxxxxxxxx>
Sent: Tuesday, November 06, 2007 6:05 AM
Subject: Re: Fw: Problems with nf_nat_ftp.ko and nf_conntrack_ftp.ko in 2.6.22.6


ron lai wrote:
My ruleset is
iptables -t nat -A POSTROUTING -s 172.16.119.91 -j SNAT --to-source 172.16.255.123

I am using a bridge containing only one physical interface and the FTP
traffic goes through the bridge.


That explains it. The bridge netfilter code calls the IP POST_ROUTING
hook for outgoing packets, but the packet already went through it
during forwarding. Please try this patch, which makes the bridge
netfilter code only call the IP hook for packets that also came in
on the bridge.






--------------------------------------------------------------------------------


diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 3ee2022..d8e5c94 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -773,7 +773,7 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb,
 }
#endif

- if (!nf_bridge)
+ if (!nf_bridge || !nf_bridge->physindev)
 return NF_ACCEPT;

 if (!realoutdev)
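
Review bot: The added !nf_bridge->physindev test in br_nf_post_routing carries no comment saying what a NULL physindev stands for. Going by the description above, it marks a packet that did not come in on the bridge and has already been through the IP POST_ROUTING hook during forwarding; a one-line comment above the if would record that. The early return also covers only that case: a packet that did enter on a bridge port has physindev set and still reaches the IP hook from here, so this is worth checking against the report at the top of this message that the helper is still called twice when a bridge is in place.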

