Thomas Woerner wrote:
Hello,
Using port forwarding from port 80 to 21 with nf_conntrack_ftp loaded
results in a kernel crash, when connecting to port 80 from a remote
host. This seems to be a problem for kernels > 2.6.18 including 2.6.24.
Steps to Reproduce:
host1> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT
--to :21
host1> iptables -t filter -A INPUT -i eth0 -m state --state NEW -m tcp
-p tcp --dport 21 -j ACCEPT
host1> modprobe ip_conntrack_ftp
host2> telnet host1 80
Attached is the kernel crash log for kernel 2.6.23.9-85.fc8PAE. I was
told that this kernel crash dump is incomplete, but it took several
attempts to get a log with more that 5 lines over serial console. The
kernel seems to die too fast.
This is already fixed in 2.6.23.10.
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html