[Bug 654311] [NEW] POSTROUTING NAT doesn't operate on ISAKMP traffic

Derek Chen-Becker 654311 at bugs.launchpad.net
Sun Oct 3 23:19:41 UTC 2010 

Public bug reported:

I have a Juniper firewall (SSG-5) that does ISAKMP with NAT behind my
linux server. This works with the following iptables rule under
linux-2.6.32.-24:

iptables -t nat -A POSTROUTING -s <my private network> -o eth1 -j SNAT
--to <my public static IP>

Under linux-2.6.32-25, the NAT rule shows up in the listing of "iptables
-t nat -nvL", but it fails to do a source translation. My private
network, an RFC 1918 non-routable network, simply leaks out my public
interface (confirmed by a tshark trace) and my ISP simply drops the
packets.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: linux-image-2.6.32-25-generic 2.6.32-25.44
Regression: Yes
Reproducible: Yes
ProcVersionSignature: Ubuntu 2.6.32-24.43-generic 2.6.32.15+drm33.5
Uname: Linux 2.6.32-24-generic x86_64
NonfreeKernelModules: nvidia
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.21.
Architecture: amd64
AudioDevicesInUse:
 USER        PID ACCESS COMMAND
 /dev/snd/controlC0:  derek      3777 F.... pulseaudio
 /dev/snd/pcmC0D0p:   derek      3777 F...m pulseaudio
CRDA: Error: [Errno 2] No such file or directory
Card0.Amixer.info:
 Card hw:0 'SB'/'HDA ATI SB at 0xfe024000 irq 16'
   Mixer name	: 'Realtek ALC889A'
   Components	: 'HDA:10ec0885,1458a002,00100101'
   Controls      : 43
   Simple ctrls  : 24
Card1.Amixer.info:
 Card hw:1 'CX8801'/'Conexant CX8801 at 0xf8000000'
   Mixer name	: 'CX88'
   Components	: ''
   Controls      : 3
   Simple ctrls  : 2
Date: Sun Oct  3 17:08:36 2010
HibernationDevice: RESUME=UUID=23a81355-31a4-4075-9ec9-c69a56975b98
MachineType: Gigabyte Technology Co., Ltd. GA-MA69G-S3H
ProcCmdLine: BOOT_IMAGE=/vmlinuz-2.6.32-24-generic root=/dev/mapper/BigDisks-Root ro quiet splash rootfstype=ext4 nomodeset video=uvesafb:mode_option=1024x768-24,mtrr=3,scroll=ywrap
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.utf8
 SHELL=/bin/bash
RelatedPackageVersions: linux-firmware 1.34.1
RfKill:
 
SourcePackage: linux
WpaSupplicantLog:
 
dmi.bios.date: 12/29/2008
dmi.bios.vendor: Award Software International, Inc.
dmi.bios.version: F7
dmi.board.name: GA-MA69G-S3H
dmi.board.vendor: Gigabyte Technology Co., Ltd.
dmi.chassis.type: 3
dmi.chassis.vendor: Gigabyte Technology Co., Ltd.
dmi.modalias: dmi:bvnAwardSoftwareInternational,Inc.:bvrF7:bd12/29/2008:svnGigabyteTechnologyCo.,Ltd.:pnGA-MA69G-S3H:pvr:rvnGigabyteTechnologyCo.,Ltd.:rnGA-MA69G-S3H:rvr:cvnGigabyteTechnologyCo.,Ltd.:ct3:cvr:
dmi.product.name: GA-MA69G-S3H
dmi.sys.vendor: Gigabyte Technology Co., Ltd.

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug lucid needs-upstream-testing networking regression-release

-- 
POSTROUTING NAT doesn't operate on ISAKMP traffic
https://bugs.launchpad.net/bugs/654311
You received this bug notification because you are a member of Kernel
Bugs, which is subscribed to linux in ubuntu.

More information about the kernel-bugs mailing list