Modify

Opened 10 years ago

Closed 9 years ago

Last modified 4 years ago

#2570 closed defect (duplicate)

Off-by-one error with -j DNAT (brcm 2.4)

Reported by: dottedmag@… Owned by: developers
Priority: normal Milestone: Barrier Breaker 14.07
Component: kernel Version:
Keywords: Cc:

Description

After some time DNAT starts redirecting packets to the <port>+1, then to the <port>+2 etc while requested to redirect to <port>. Flushing iptables configuration and loading it back does not help. Reboot fixes this problem for a some time.

iptables configuration is attached. Any another output from the properly functioning/in "+1" condition is needed?

Hardware: asus wl500gx.
Software: kamikaze 7.09 with pristine kernel and minimal userspace tweaks.

Attachments (1)

cloud-iptables.txt (8.3 KB) - added by dottedmag@… 10 years ago.

Download all attachments as: .zip

Change History (8)

Changed 10 years ago by dottedmag@…

comment:1 Changed 10 years ago by cafuego

I've got the same problem here, makes it pretty hard to force the use of a transproxy ;-)

Hardware: wrt54gl v1.1. Software: kamikaze 7.09 with pristine kernel and no userspace tweaks.

comment:2 Changed 10 years ago by devel@…

same problem here:
WRT54G with Kamimaze 7.09 - default kernel 2.4

the problem never happens with kernel 2.6

comment:3 Changed 10 years ago by larstiq

I'm experiencing something similar, after a while DNAT to a couple of ports doesn't work anymore, yet others do. Unfortunately it's always ssh that stops working.

comment:4 Changed 9 years ago by Soltis

This bug is still an issue as of a couple weeks ago (pulled from SVN).

comment:5 Changed 9 years ago by Heiner

Same thing here with 7.09 kernel 2.4 on WRT54G.

Forwarding from externalIP:2222 to internalIP:22 breaks after
some time (some weeks) and I see rejected packages which would have gone to
internalIP:23.
Fortunately I can connect to the openWRT-box (another externalIP) and reboot
it, which fixes the issue for another couple of weeks, or so.

iptables -t nat -A prerouting_wan -d 1.2.3.4 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.88.99:22

seems to become

iptables -t nat -A prerouting_wan -d 1.2.3.4 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.88.99:23

then, while the forward to port 23 is still forbidden and dropped.

Next time I'll check iptables --list... to see if I can see something.

comment:6 Changed 9 years ago by jow

  • Resolution set to duplicate
  • Status changed from new to closed

see #2558

comment:7 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.