On Fri, Jul 29, 2005 at 03:11:35PM +0300, Denis Vlasenko wrote:
> Note that REDIRECT loads ip_conntrack, and this seems to
> cause problems, see another bugzilla entry at
> https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=339

REDIRECT is a form of DNAT, like you correctly state. DNAT _needs_ ip_conntrack, so that's not what is causing problems.

Causing problems is probably the nf_reset() and other hacks that were put into the bridging code to remove conntrack references once a packet enters the bridge (in order to make the 'fake iptables hooks' from the bridging code work).

There were recently a number of fixes for this issue, which each caused new bugs.

Could you please try with a current development kernel (linus' git tree, or davem's net-2.6.14 tree) and see if the problem persists?

--
- Harald Welte <[email protected]> http://netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early architectural error that shows how much experimentation was going on while IP was being designed." -- Paul Vixie