conntrack helper - expectations

Dear all,

I'm operating netfilter, kernel 2.6.25.17 on a router and I have noticed the following situation in using conntrack helper and NAT helper modules.

When the reply connection which is expected by an expectation comes from a different IP and with the same source port as the destination port of the request, the reply connection gets dropped, although I have logged the connection in the FORWARD chain and I could see it was successfully NATed.

In my practical case the situation is the following:

-Send request to 194.65.47.55, src port random, dst port 123.
-Reply comes from 213.128.200.3, src port 123, dst port same as the src of the request.

Expectation: 300 proto=17 src=0.0.0.0 dst=10.194.30.172 sport=123 dport=55437

10.194.30.172 is my router IP, then this gets NATed to a PC on the LAN. 55437 is the source port of the request.

Can anyone tell me where the code is that matches the incoming connections to the expectation tables?

Best Regards
Hugo Mendes
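
An added illustration, not part of the original message and not kernel source: a simplified user-space model of matching a packet tuple against the expectation quoted above. The struct and function names are hypothetical, and the rule it encodes (source address and port compared under a mask, destination and protocol compared exactly) is an assumption of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for a tuple and an expectation (not kernel structs). */
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

struct tuple {
    uint32_t src_ip, dst_ip;
    uint16_t sport, dport;
    uint8_t proto;
};

struct expectation {
    struct tuple tuple;
    uint32_t src_ip_mask;  /* 0 = any source address */
    uint16_t sport_mask;   /* 0xffff = source port must match exactly */
};

/* Assumption: source fields are compared under the mask; destination
 * fields and protocol are compared exactly. Returns 1 on match. */
int expect_matches(const struct expectation *e, const struct tuple *t)
{
    if ((t->src_ip ^ e->tuple.src_ip) & e->src_ip_mask) return 0;
    if ((t->sport ^ e->tuple.sport) & e->sport_mask) return 0;
    return t->dst_ip == e->tuple.dst_ip && t->dport == e->tuple.dport &&
           t->proto == e->tuple.proto;
}

/* The expectation quoted in the message:
 * proto=17 src=0.0.0.0 dst=10.194.30.172 sport=123 dport=55437 */
struct expectation post_expectation(void)
{
    struct expectation e = { { 0, IP4(10, 194, 30, 172), 123, 55437, 17 }, 0, 0xffff };
    return e;
}

struct tuple udp_tuple(uint32_t src, uint16_t sport, uint32_t dst, uint16_t dport)
{
    struct tuple t = { src, dst, sport, dport, 17 };
    return t;
}

int main(void)
{
    struct expectation e = post_expectation();
    struct tuple r = udp_tuple(IP4(213, 128, 200, 3), 123, IP4(10, 194, 30, 172), 55437);
    printf("reply from 213.128.200.3 matches: %d\n", expect_matches(&e, &r));
    return 0;
}
```

Under this model the reply from 213.128.200.3 matches, because the source address is fully wildcarded; changing the source port, destination port or protocol makes the match fail.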
