2 files changed, 20 insertions, 0 deletions

diff --git a/qa/testsuite/03nat b/qa/testsuite/03nat
index 69fbff7..f94e8ff 100644
--- a/qa/testsuite/03nat
+++ b/qa/testsuite/03nat
@@ -32,5 +32,9 @@
 -L --dst-nat 3.3.3.3:80 ; OK
 # show
 -L --any-nat 3.3.3.3:80 ; OK
+# show
+-L --dst-nat 3.3.3.3:81 ; OK
+# show
+-L --dst-nat 1.1.1.1:80 ; OK
 # delete
 -D -s 1.1.1.1 ; OK
diff --git a/src/conntrack.c b/src/conntrack.c
index a5b49dd..6fdd1b4 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -890,10 +890,18 @@ filter_nat(const struct nf_conntrack *obj, const struct nf_conntrack *ct)
 				has_srcnat = 1;
 		}
 		if (nfct_attr_is_set(obj, ATTR_SNAT_PORT)) {
+			int ret = 0;
+
 			check_port = 1;
 			port = nfct_get_attr_u16(obj, ATTR_SNAT_PORT);
 			if (nfct_getobjopt(ct, NFCT_GOPT_IS_SPAT) &&
 			    port == nfct_get_attr_u16(ct, ATTR_REPL_PORT_DST))
+				ret = 1;
+
+			/* the address matches but the port does not. */
+			if (check_address && has_srcnat && !ret)
+				has_srcnat = 0;
+			if (!check_address && ret)
 				has_srcnat = 1;
 		}
 		if (!check_address && !check_port &&
@@ -912,10 +920,18 @@ filter_nat(const struct nf_conntrack *obj, const struct nf_conntrack *ct)
 				has_dstnat = 1;
 		}
 		if (nfct_attr_is_set(obj, ATTR_DNAT_PORT)) {
+			int ret = 0;
+
 			check_port = 1;
 			port = nfct_get_attr_u16(obj, ATTR_DNAT_PORT);
 			if (nfct_getobjopt(ct, NFCT_GOPT_IS_DPAT) &&
 			    port == nfct_get_attr_u16(ct, ATTR_REPL_PORT_SRC))
+				ret = 1;
+
+			/* the address matches but the port does not. */
+			if (check_address && has_dstnat && !ret)
+				has_dstnat = 0;
+			if (!check_address && ret)
 				has_dstnat = 1;
 		}
 		if (!check_address && !check_port &&