Re: [RFC PATCH v2 1/1] netfilter: nat: restore default DNAT behavior

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Mon, Jan 29, 2024 at 09:12:54PM +0000, Kyle Swenson wrote:
> When a DNAT rule is configured via iptables with different port ranges,
> iptables -t nat -A PREROUTING -p tcp -d -m tcp --dport 32000:32010
> -j DNAT --to-destination
> we seem to be DNATing to some random port on the LAN side. While this is
> expected if --random is passed to the iptables command, it is not
> expected without passing --random.  The expected behavior (and the
> observed behavior in v4.4) is the traffic will be DNAT'd to
> unless there is a tuple collision with that
> destination.  In that case, we expect the traffic to be instead DNAT'd
> to, so on so forth until the end of the range.
> This patch is a naive attempt to restore the behavior seen in v4.4.  I'm
> hopeful folks will point out problems and regressions this could cause
> elsewhere, since I've little experience in the net tree.

Would you post this without RFC tag and add provide a Fixes: tag.


[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux