Bug 53356 - iptables -j DNAT does not work in kernel 2.4.3-12
Product: Red Hat Linux
Classification: Retired
Component: kernel
i686 Linux
medium Severity medium
Assigned To: Arjan van de Ven
Brock Organ
Reported: 2001-09-07 05:30 EDT by Klaus Muth
Modified: 2007-04-18 12:36 EDT
Doc Type: Bug Fix
Last Closed: 2001-09-07 05:30:52 EDT

Description Klaus Muth 2001-09-07 05:30:48 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.76 [de] (X11; U; Linux 2.4.2-2 i686; Nav)

Description of problem:
After reading about the ip_conntrack_ftp exploit I tried to get a new
kernel. I compiled the kernel with the same config, but now the port
forwarding rules do not work: the iptables commands are accepted, the
packets are counted, but there is no forwarding ;/. I don't know whether
the packets are dropped or whatever.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Configure a firewall with some port forwarding rules
2. Try until all works fine
3. Upgrade the 2.4.2-2 kernel to a 2.4.3-12 kernel
4. The forwarded ports do not work

Additional info:

Chain PREROUTING (policy ACCEPT 65 packets, 11672 bytes)
 pkts bytes target     prot opt in     out     source              
    0     0 DNAT       tcp  --  any    any     anywhere      tcp dpt:ftp-data to:
    1    60 DNAT       tcp  --  any    any     anywhere         tcp dpt:ftp to:
    0     0 DNAT       tcp  --  any    any     anywhere         tcp dpt:http to:
    2   120 DNAT       tcp  --  any    any     anywhere         tcp dpt:2367 to:

Packets counted but not forwarded ;/
Comment 1 Klaus Muth 2001-09-20 09:54:01 EDT
This is a UTS-Bug (User too stupid). Port forwarding did not work, because
the server behind the firewall had no route back for the test (somebody
rebooted it).
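
A diagnostic for the symptom in this report (DNAT counters increase, nothing comes back), added here as an example and not part of the original bug report: it scans connection-tracking entries for DNAT'd flows that never saw a reply, which is what a backend without a return route produces. It assumes the /proc/net/ip_conntrack line format of 2.4 kernels; the sample lines, addresses and function names are constructed for illustration.

```python
import re

TUPLE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")

# Constructed sample in /proc/net/ip_conntrack format; the addresses are
# documentation/private ranges, not values from the bug report.
SAMPLE = """\
tcp      6 115 SYN_SENT src=198.51.100.7 dst=203.0.113.1 sport=1031 dport=21 [UNREPLIED] src=10.0.0.10 dst=198.51.100.7 sport=21 dport=1031 use=1
tcp      6 431990 ESTABLISHED src=198.51.100.7 dst=203.0.113.1 sport=1032 dport=80 src=10.0.0.20 dst=198.51.100.7 sport=80 dport=1032 [ASSURED] use=1
tcp      6 110 SYN_SENT src=198.51.100.9 dst=203.0.113.1 sport=1040 dport=2367 [UNREPLIED] src=10.0.0.10 dst=198.51.100.9 sport=2367 dport=1040 use=1
tcp      6 50 SYN_SENT src=10.0.0.30 dst=198.51.100.50 sport=1050 dport=25 [UNREPLIED] src=198.51.100.50 dst=10.0.0.30 sport=25 dport=1050 use=1
"""

def unanswered_dnat(conntrack_text):
    """Return (client, original dst:port, backend:port) for DNAT'd flows with no reply."""
    hits = []
    for line in conntrack_text.splitlines():
        tuples = TUPLE.findall(line)
        # Need both the original and the reply tuple (skips ICMP and malformed lines).
        if len(tuples) != 2 or "[UNREPLIED]" not in line:
            continue
        (client, orig_dst, _, orig_dport), (backend, _, backend_port, _) = tuples
        # The flow was DNAT'd if the expected reply source differs from the
        # address/port the client originally targeted.
        if (backend, backend_port) != (orig_dst, orig_dport):
            hits.append((client, f"{orig_dst}:{orig_dport}", f"{backend}:{backend_port}"))
    return hits

def backends_to_check(conntrack_text):
    """Count stuck flows per backend; these hosts need a route back via the firewall."""
    counts = {}
    for _, _, backend in unanswered_dnat(conntrack_text):
        host = backend.rsplit(":", 1)[0]
        counts[host] = counts.get(host, 0) + 1
    return counts

if __name__ == "__main__":
    for host, n in backends_to_check(SAMPLE).items():
        print(f"{host}: {n} DNAT'd connection(s) never answered; check its return route")
```

A connection that has only just been opened is also briefly [UNREPLIED], so entries that stay in this state across repeated reads are the ones that point at the backend's routing.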
