[Bug 1917920] [NEW] magic-proxy broke with iptables 1.8.7-1ubuntu2

Dimitri John Ledkov 1917920 at bugs.launchpad.net
Fri Mar 5 17:40:17 UTC 2021 

Public bug reported:

when iptables got upgraded from 1.8.5-3ubuntu4 to 1.8.7-1ubuntu2 magic
proxy stopped working in livecd-rootfs.

It does very simple thing:

iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner
daemon -j REDIRECT --to 8080

inside hirsute lxd container, with quite high privileges, in a bionic
VM, running 4.15 kernel.

With 1.8.5 above worked fine, with 1.8.7 somehow there was no outbound
connectivity the very first http networking command after the above call
would just hang indefinitely.

However, if one does this instead:

iptables -vv -t nat -S
iptables-legacy -vv -t nat -S
iptables -vv -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner daemon -j REDIRECT --to 8080

somehow magically everything starts to work fine.

weird.

** Affects: launchpad
     Importance: Undecided
         Status: New

** Affects: iptables (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: livecd-rootfs (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: lxd (Ubuntu)
     Importance: Undecided
         Status: New

** Also affects: launchpad
   Importance: Undecided
       Status: New

** Summary changed:

- magic-proxy broke with 1.8.7-1ubuntu2
+ magic-proxy broke with iptables 1.8.7-1ubuntu2

** Also affects: lxd (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: livecd-rootfs (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to livecd-rootfs in Ubuntu.
https://bugs.launchpad.net/bugs/1917920

Title:
  magic-proxy broke with iptables 1.8.7-1ubuntu2

Status in Launchpad itself:
  New
Status in iptables package in Ubuntu:
  New
Status in livecd-rootfs package in Ubuntu:
  New
Status in lxd package in Ubuntu:
  New

Bug description:
  when iptables got upgraded from 1.8.5-3ubuntu4 to 1.8.7-1ubuntu2 magic
  proxy stopped working in livecd-rootfs.

  It does very simple thing:

  iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner
  daemon -j REDIRECT --to 8080

  inside hirsute lxd container, with quite high privileges, in a bionic
  VM, running 4.15 kernel.

  With 1.8.5 above worked fine, with 1.8.7 somehow there was no outbound
  connectivity the very first http networking command after the above
  call would just hang indefinitely.

  However, if one does this instead:

  iptables -vv -t nat -S
  iptables-legacy -vv -t nat -S
  iptables -vv -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner daemon -j REDIRECT --to 8080

  somehow magically everything starts to work fine.

  weird.

To manage notifications about this bug go to:
https://bugs.launchpad.net/launchpad/+bug/1917920/+subscriptions

More information about the foundations-bugs mailing list