From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Dharmendra.T" Subject: RE: Small problem -> Prerouting Date: 16 Apr 2003 18:25:48 +0530 Sender: netfilter-admin@lists.netfilter.org Message-ID: <1050497772.1001.8.camel@india> References: Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="=-M59EWqyqANPxnq0Y/1/k" Return-path: In-Reply-To: Errors-To: netfilter-admin@lists.netfilter.org List-Help: List-Post: List-Subscribe: , List-Id: List-Unsubscribe: , List-Archive: To: Matti Luoma Cc: netfilter@lists.netfilter.org --=-M59EWqyqANPxnq0Y/1/k Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Wed, 2003-04-16 at 18:17, Matti Luoma wrote: =EF=BB=BF Seems to be in use, so i cant remove it, so it has to be something else... =20 What module does PREROUTING need anyways? =20 =20 On Wed, 2003-04-16 at 17:41, Matti Luoma wrote:=20 Hiya! =20 Well i upgraded my kernel to 2.4.20 from 2.4.3, and also compil= ed newest=20 iptables 1.2.8 =20 now i got this weird problem with =20 example this line: =20 iptables -A PREROUTING -t nat -p UDP -d IP -dport port -j DNAT = --to IP:Port =20 It should works, and it works, but not anymore, SSH forwarding = like this=20 works thou =20 also im gettin some stuff in syslog: =20 kernel: NAT: 0 dropping untracked packet c66ab6c0 =20 i think these things are related, and probably some module is c= ausing this,=20 any ideas? =20 Cheers, Matti =20 I guess this is because of conntrack module. Just check do you = need this if not remove it.=20 Do onething, recompile the kernel and enable only the modules which you want to use.=20 I guess PREROUTING does not use any external module. If iptables is enabled PREROUTING will be enabled. Regards Dharmu --=-M59EWqyqANPxnq0Y/1/k Content-Type: text/html; charset=utf-8 On Wed, 2003-04-16 at 18:17, Matti Luoma wrote:

                    Seems to be in use, so i cant remove it, so it has to be something else...
 
                    What module does PREROUTING need anyways?
 
 
On Wed, 2003-04-16 at 17:41, Matti Luoma wrote: 
Hiya!

Well i upgraded my kernel to 2.4.20 from 2.4.3, and also compiled newest 
iptables 1.2.8

now i got this weird problem with

example this line:

iptables -A PREROUTING -t nat -p UDP -d IP -dport port -j DNAT --to IP:Port

It should works, and it works, but not anymore, SSH forwarding like this 
works thou

also im gettin some stuff in syslog:

kernel: NAT: 0 dropping untracked packet c66ab6c0

i think these things are related, and probably some module is causing this, 
any ideas?

Cheers,
Matti

I guess this is because of conntrack module. Just check do you need this if not remove it.

Do onething, recompile the kernel and enable only the modules which you want to use.
I guess PREROUTING does not use any external module. If iptables is enabled PREROUTING will be enabled.

Regards
Dharmu --=-M59EWqyqANPxnq0Y/1/k--