iptables nat prerouting redirect issue - rhel 5.5 64-bit
Wanted to see if anyone else has ever come across this. I have an ftp server running on RHEL 5.5 64-bit. I have the ftp daemon running as a non-privileged user so since it cannot bind to ports less than 1024, I'm having the daemon listen on higher ports and using iptables to redirect the traffic accordingly.
I'm logging all the denied traffic and noticing that a small percentage of the packets are not getting redirected properly. For example, I'm redirecting 443 traffic to 8443 and have a rule to allow 8443 in the filter table. While an upload is running, I see about 1 packet per second that doesn't get redirected and shows up in the filter table as 443 and is subsequently getting denied. Even if the traffic is allowed through in the filter table, the OS is not listening on that port and the ACK packet that was sent gets a RST packet back. It does not appear to impact the clients though and the daemon logs are not complaining.
Anyone see this redirect problem before?
Chad
|