On Thursday 2011-07-07 00:50, Tom Eastep wrote: >Using iptables 4.4.11.1, the following input: > >-A lan-dmz -p 6 --dport 80 -m conntrack --ctorigdstport 8080 -d 70.90.191.125 -m conntrack --ctorigdst 172.20.1.254 -j ACCEPT > >Results in this: > >Chain lan-dmz (1 references) > pkts bytes target prot opt in out source destination > 0 0 ACCEPT tcp -- * * 0.0.0.0/0 70.90.191.125 tcp dpt:80 ctorigdstport 36895 ctorigdst 172.20.1.254 > >Note that 8080 == 0x1f90 while 36895 == 0x901f. > >The attached patch seems to resolve the issue. Thanks, taken it in. FTR, links to DUPLICATE candidates: http://bugs.debian.org/632804 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html