Fwd: Ted Phelps: issue with 2.6.20rc3 and nf_nat

I'm trying to use the new netfilter nf_nat module in linux-2.6.20-rc3
and running into a minor issue: when I load the iptable_nat module, all
existing connections stop working, as if the packets are being dropped.
This is somewhat irritating since the root partition of the machine in
question is mounted via NFS and, of course, that stops working.

I've poked around a bit and this bit of nf_nat_standalone.c appears to
be the culprit:

    120:	/* Don't try to NAT if this packet is not conntracked */
    121:	if (ct == &nf_conntrack_untracked)
    122:		return NF_ACCEPT;
    123:
    124:        nat = nfct_nat(ct);
->  125:        if (!nat)
->  126:                return NF_DROP;


If I read this correctly, packets for connections which aren't tracked
at all are accepted, but packets for connections which are being tracked
but don't have NAT knowledge are dropped.

Is there a good reason why line 126 shouldn't return NF_ACCEPT?

Cheers,
-Ted

