Opened 13 years ago

Closed 13 years ago

#30 closed defect (invalid)

DNAT log line shows wrong destination

Reported by: Victor Julien
Owned by: Victor Julien
Priority: major
Milestone: 0.6
Component: vuurmuur
Version: 0.5.74 alpha 1
Keywords:
Cc:


Nov 15 20:44:53: DNAT http -> firewall(inet-nic) 'http visit' (in: ppp0 -> TCP flags: S* len:60 ttl:54)

It should not show 'firewall' as destination, but the real destination after NAT.

Change History (2)

comment:1 by Victor Julien, 13 years ago

This is the netfilter log line. The final dest is not shown, so it may be hard to fix this.

Nov 15 20:44:53 sanctorium kernel: vrmr: DNAT http visit IN=ppp0 OUT= MAC= SRC= DST= LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=41206 DF PROTO=TCP SPT=36198 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0

comment:2 by Victor Julien, 13 years ago

Resolution: invalid
Status: new → closed

This cannot be fixed by Vuurmuur as it's not really a bug. Luckily, there is an easy workaround. The DNAT rule doesn't accept traffic in itself. It needs an ACCEPT, QUEUE or NFQUEUE rule for that. If logging is enabled on that rule, the source and destination are shown correctly.
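
An added example, not part of the ticket or of Vuurmuur's code: the DNAT log line shows the pre-NAT destination, while a logging ACCEPT rule shows the translated one, so the two can be joined on the fields DNAT leaves untouched (SRC, SPT, PROTO, ID). The sample lines, the addresses, the host name `fw` and the `vrmr: ACCEPT` prefix are constructed assumptions modelled on the log line in comment:1.

```python
import re

# Constructed sample lines (documentation addresses, not taken from the ticket).
# The ACCEPT prefix is an assumption mirroring the ticket's "vrmr: DNAT" prefix.
SAMPLE_LOG = """\
Nov 15 20:44:53 fw kernel: vrmr: DNAT http visit IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.1 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=41206 DF PROTO=TCP SPT=36198 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 15 20:44:53 fw kernel: vrmr: ACCEPT http visit IN=ppp0 OUT=eth1 SRC=198.51.100.7 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=41206 DF PROTO=TCP SPT=36198 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 15 20:45:10 fw kernel: vrmr: DNAT http visit IN=ppp0 OUT= MAC= SRC=198.51.100.9 DST=203.0.113.1 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1234 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
"""

LINE_RE = re.compile(r"kernel: vrmr: (?P<action>\S+) (?P<rest>.*)$")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")  # value may be empty, e.g. "OUT="


def parse_line(line):
    """Split one netfilter LOG line into its KEY=value fields plus the action."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group("rest")))
    fields["ACTION"] = m.group("action")
    return fields


def flow_key(f):
    # DNAT rewrites DST (and possibly DPT); these fields stay the same.
    return (f.get("SRC"), f.get("SPT"), f.get("PROTO"), f.get("ID"))


def resolve_dnat(log_text):
    """Pair each DNAT line with the forwarded log line of the same packet."""
    events = [f for f in map(parse_line, log_text.splitlines()) if f]
    # A non-empty OUT= means the packet was logged while being forwarded.
    forwarded = {flow_key(f): f for f in events
                 if f["ACTION"] != "DNAT" and f.get("OUT")}
    records = []
    for f in events:
        if f["ACTION"] == "DNAT":
            hit = forwarded.get(flow_key(f))
            records.append({
                "src": f.get("SRC"),
                "logged_dst": f"{f.get('DST')}:{f.get('DPT')}",
                # None: no forwarded line, so the real destination is unknown.
                "real_dst": f"{hit.get('DST')}:{hit.get('DPT')}" if hit else None,
            })
    return records


if __name__ == "__main__":
    for record in resolve_dnat(SAMPLE_LOG):
        print(record)
```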
