Bug 174239

Summary: netfilter vpn problems.
Product: [Fedora] Fedora
Reporter: Need Real Name <schneck>
Component: kernel
Assignee: Dave Jones <davej>
Status: CLOSED ERRATA
QA Contact: Brian Brock <bbrock>
Severity: high
Priority: medium
Version: 4
CC: pfrields, wtogami
Hardware: i686   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2005-11-29 23:23:42 UTC

Description Need Real Name 2005-11-26 10:44:48 UTC

Description of problem:

Sorry about my poor English.

Problem with IPTABLES and Kernel: 2.6.14-1.1637_FC4
with INBOUND MS VPN
(IP Port 47
TCP Port 1723
UDP Port 500
UDP Port 1701)


OUTBOUND MS VPN is OK ! with kernel-2.6.14-1.1637_FC4 

The Problem is only at INBOUND connections
not with OUTBOUND connections.


We have a Firewall with Fedora Core 4 and iptables.
Behind the Firewall (NAT and MASQUERADE) is a Microsoft VPN Server.

IPFORWARD is active
(
cat /proc/sys/net/ipv4/ip_forward
1
)

If we use the Kernel 2.6.13-1.1532_FC4, all is working fine.
When we use the Kernel 2.6.14-1.1637_FC4 the VPN Auth. is
not OK. It STOPs at the User & Password check.

We use the SAME IPTABLES Policy !!! 

Can you please tell me what information you need
to fix this Problem in the next Kernel Release for Fedora Core 4 ???


We have another Problem with this Kernel: 2.6.14-1.1637_FC4, too.
Core DUMPs if we stop / reload iptables.

Unloading iptables modules: FAILED

This Problem is not with Kernel: 2.6.13-1.1532_FC4
and the Kernel Version below.



Version-Release number of selected component (if applicable):
iptables-1.3.0-2, kernel-2.6.14-1.1637_FC4

How reproducible:
Always

Steps to Reproduce:
1. Boot Kernel 2.6.14-1.1637_FC4
2. Load iptables policy
3. Try to make a Microsoft VPN-Connect (INBOUND) behind the Firewall (NAT)
  

Actual Results:  
If we use kernel-2.6.14-1.1637_FC4, the MS VPN-Connect
STOPs at AUTH: User and Password

No Entry in the Windows Server Logfiles.


With kernel-2.6.13-1.1532_FC4 or below all is OK.
(VPN Login and LOGFile Entries on the Windows Server)



Additional info:

/etc/init.d/iptables stop

Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter nat [ OK ]
Unloading iptables modules: [ FAILED ]
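
One way to check on the NAT firewall whether both PPTP flows reach the VPN server, shown as an added example that is not part of the original report: PPTP uses TCP 1723 as its control channel and GRE (IP protocol 47, the "IP Port 47" listed above) for the PPP session that carries the login. The interface names, the 192.168.1.10 server address, the counter values and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report).
# Input: output of `iptables -L FORWARD -n -v -x` on the NAT firewall.
# Assumption: every rule line has a target, so the protocol is field 4.

pptp_counters() {
    awk '
        $1 ~ /^[0-9]+$/ && NF >= 9 {
            proto = $4
            # GRE prints as "47" or "gre" depending on the iptables version
            if (proto == "47" || proto == "gre") gre += $1
            if ((proto == "tcp" || proto == "6") && $0 ~ /dpt:1723( |$)/) ctl += $1
        }
        END { printf "control=%d gre=%d\n", ctl, gre }
    '
}

# Turn the two packet totals into a one-word result for a triage note.
pptp_verdict() {
    counters=$(pptp_counters)
    ctl=${counters#control=}; ctl=${ctl%% *}
    gre=${counters##*gre=}
    if [ "$ctl" -eq 0 ]; then
        echo "no-control-traffic"
    elif [ "$gre" -eq 0 ]; then
        echo "gre-not-forwarded"
    else
        echo "both-forwarded"
    fi
}

# Constructed sample: control channel counted, GRE rule never matched.
sample_counters() {
    cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      14      812 ACCEPT     tcp  --  eth0   eth1    0.0.0.0/0            192.168.1.10        tcp dpt:1723
       0        0 ACCEPT     47   --  eth0   eth1    0.0.0.0/0            192.168.1.10
      31     4120 ACCEPT     all  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0
EOF
}

sample_counters | pptp_verdict
```

On a live firewall, pipe `iptables -L FORWARD -n -v -x` into `pptp_verdict` once under each kernel and compare the results after a connection attempt.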

Comment 1 Thomas Woerner 2005-11-28 09:28:24 UTC
iptables is the userland configuration tool, but this is a kernel netfilter problem.

Assigning to kernel.

Comment 2 Dave Jones 2005-11-28 20:17:42 UTC
Please try with the 1644 kernel update that went out today.
(If your yum mirror hasn't got it yet, you can also find it at
http://people.redhat.com/davej/kernels/Fedora/FC4/)

Comment 3 Schneck Dennis 2005-11-29 12:29:07 UTC
Thanks a lot !
with: Kernel 2.6.14-1.1644_FC4 #1 Sun Nov 27 03:25:11

the Problem is FIXED

Dennis