[Bug 30051] Iptables or Kernel BUG
UbuPetr
ubu.petr at seznam.cz
Mon Apr 3 23:24:02 UTC 2006
Public bug reported:
Affects: linux-source-2.6.15 (Ubuntu)
Severity: Normal
Priority: (none set)
Status: Unconfirmed
Description:
Package: iptables
Version: 1.3.x
or
Package: linux-image-2.6, linux-image-2.4
Version: all versions
After starting forwarding through SNAT or MASQUERADE and then stopping
SNAT or MASQUERADE, you must unload and load again the iptables and NAT
modules, otherwise forwarding will not work! Even further, if you flush
the NAT iptables, you must echo 0 > ip_forward before unloading the
iptables and NAT modules!
Demonstration:
I discovered a partial solution:
Operating sequence:
---disappear further hell things---
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables -t mangle -F
iptables -t nat -F
iptables -F
reboot
---switch on - choose a) or b)---
a) iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.4 -j SNAT --to-source 10.10.2.6
b) iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE -s 192.168.2.4
echo "1" > /proc/sys/net/ipv4/ip_forward
Listen to the base of the problem. If we want to do other things with
iptable_nat, we must always switch off and switch on again, it will not
proof itself! Do you know whether this is a bug in the kernel or in iptables?
If we switch on SNAT:
---switch off iptables---
iptables -t nat -D POSTROUTING -o eth0 -s 192.168.2.4 -j SNAT --to-source 10.10.2.6
modprobe -r iptable_nat iptable_filter
---switch on iptables---
modprobe iptable_nat
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.4 -j SNAT --to-source 10.10.2.6
If we switch on MASQUERADE:
---switch off iptables---
iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE -s 192.168.2.4
modprobe -r ipt_MASQUERADE iptable_nat iptable_filter
---switch on iptables---
modprobe iptable_nat
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE -s 192.168.2.4
If we switch on SNAT and wanna use "iptables -t nat -F":
---switch off iptables---
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -F
modprobe -r iptable_nat iptable_filter
---switch on iptables---
modprobe iptable_nat
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.4 -j SNAT --to-source 10.10.2.6
echo "1" > /proc/sys/net/ipv4/ip_forward
If we switch on MASQUERADE and wanna use "iptables -t nat -F":
---switch off iptables---
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -F
modprobe -r ipt_MASQUERADE iptable_nat iptable_filter
---switch on iptables---
modprobe iptable_nat
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE -s 192.168.2.4
echo "1" > /proc/sys/net/ipv4/ip_forward
This is the important thing: if we use "iptables -t nat -F", we must do "echo "0" > /proc/sys/net/ipv4/ip_forward". If some step of this operating sequence is missed or the order of the procedure is not followed, forwarding evidently will not work anymore.
My PC:
CPU: P4 Prescott 2,66 GHz (533 FSB)
MB: FIC P4M-800M/T2 (Via PT800CE)
Memory: 1GB DDR 400 MHz single channel (2 x 512MB)
eth0: Realtek 8100C = RTL-8139/8139C/8139C+ (rev 10)
eth1: Edimax EN-9150TXL = VT6105 [Rhine-III] (rev 8b)
Affected Distros: Ubuntu/Kubuntu 5.10 (The Breezy Badger), Debian Etch/Sid and maybe more
Affected Kernels: 2.4.x, 2.6.x
Yours sincerely, Petr Novák
ubu.petr at seznam.cz
PS: Excuse me for my bad English.
(http://groups.google.com/group/cz.comp.linux/browse_thread/thread/4013e2f5b22aeb26/517f96af44bae92b?hl=cs#517f96af44bae92b)
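The sequences in the report change three pieces of state: ip_forward, the loaded NAT modules, and the nat POSTROUTING rule. The script below is an added example, not part of the original report, that classifies a snapshot of that state so it can be checked between steps. The function names and the sample module and rule text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the report. Inputs are passed as text so it runs
# offline; on a live host they would be read from
# /proc/sys/net/ipv4/ip_forward, /proc/modules and `iptables-save -t nat`.

# Constructed samples (the rule reuses the report's addresses; sizes are made up).
SAMPLE_MODULES='iptable_nat 7044 1 - Live 0x00000000
ip_tables 19840 1 iptable_nat, Live 0x00000000'
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.2.4 -o eth0 -j SNAT --to-source 10.10.2.6
COMMIT'
SAMPLE_FLUSHED='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# module_loaded NAME MODULES_TEXT: exact match on the first /proc/modules field.
module_loaded() {
    printf '%s\n' "$2" | awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

# nat_rule_count RULES_TEXT: number of SNAT/MASQUERADE rules in nat POSTROUTING.
nat_rule_count() {
    printf '%s\n' "$1" | awk '
        /^\*/ { table = $1 }
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" {
            for (i = 3; i < NF; i++)
                if ($i == "-j" && ($(i+1) == "SNAT" || $(i+1) == "MASQUERADE")) n++
        }
        END { print n + 0 }'
}

# nat_state IP_FORWARD MODULES_TEXT RULES_TEXT: prints each missing piece, or "ok".
nat_state() {
    out=''
    [ "$1" = 1 ] || out="${out:+$out }ip_forward-off"
    module_loaded iptable_nat "$2" || out="${out:+$out }iptable_nat-unloaded"
    [ "$(nat_rule_count "$3")" -gt 0 ] || out="${out:+$out }no-nat-rule"
    printf '%s\n' "${out:-ok}"
}

nat_state 1 "$SAMPLE_MODULES" "$SAMPLE_RULES"   # state after a "switch on" block
nat_state 0 "" "$SAMPLE_FLUSHED"                # state after a "switch off" block with -F
```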
--
Iptables or Kernel BUG
https://launchpad.net/malone/bugs/30051