Bug 106799 - iptables rule using specific ip and netmask works incorrectly
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: iptables
Version: 7.3
Hardware: i686 Linux
Priority: high
Severity: medium
Assigned To: Thomas Woerner
Ben Levenson
Reported: 2003-10-10 14:20 EDT by Need Real Name
Modified: 2007-03-27 00:10 EDT
Last Closed: 2003-10-13 08:30:50 EDT
Description Need Real Name 2003-10-10 14:20:35 EDT
Description of problem:
When you add an accounting rule to iptables using the address 64.42.222.96/26 
it does not work, but seems to add another rule that is different.
The rule I add is:
iptables -A acct-in -d 64.42.222.96/26 -j RETURN
The rule that shows in a list (using iptables -nL acct-in) is:
Chain acct-in (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            64.42.222.64/26

This situation renders one unable to get correct stats for the subnet 
(64.42.222.96/26). BIG DEAL FOR ME, as I have to invoice based on usage. 
(bummer)
If I add two or more rules (this is what I really want to do):
iptables -A acct-in -d 64.42.222.32/28 -j RETURN
iptables -A acct-in -d 64.42.222.64/26 -j RETURN
iptables -A acct-in -d 64.42.222.96/26 -j RETURN

I get this:
RETURN     all  --  0.0.0.0/0            64.42.222.32/28
RETURN     all  --  0.0.0.0/0            64.42.222.64/26
RETURN     all  --  0.0.0.0/0            64.42.222.64/26

The counters for a verbose listing show that stats are racking up for the first 
subnet 64/26 and nothing for the second (supposed to be 96/26). This probably 
means the problem is not just a bad listing, but that the rule is broken when 
it is put in (iptables -A command). 


Version-Release number of selected component (if applicable):
iptables-1.2.8-8.72.3

How reproducible:
Every time.

Steps to Reproduce:
1. iptables -N acct-in
2. iptables -F acct-in
3. iptables -A acct-in -d 64.42.222.96/26 -j RETURN
4. iptables -nL acct-in
    
Actual results:
iptables added a rule for the IP/mask 64.42.222.64/26 and not the intended 
64.42.222.96/26

Expected results:
iptables should have added a rule for the IP/mask 64.42.222.96/26

Additional info:
I am running this on RedHat Linux 7.3 with kernel 2.4.20-20.7
My phone number is: (204) 480-3003 or 1(866)316-1333
Comment 1 Thomas Woerner 2003-10-13 08:30:50 EDT
Are you sure you want to use 64.42.222.96/26? This is not possible.

You can use 64.42.222.0/26, 64.42.222.64/26, 64.42.222.128/26, 64.42.222.192/26 or
64.42.222.0/27, 64.42.222.32/27, 64.42.222.64/27, 64.42.222.96/27,
64.42.222.128/27, ..
Comment 2 Need Real Name 2003-10-13 16:00:24 EDT
Reply to Thomas Woerner: You are correct, I don't want to do this. I did 
mean /27 but was using /26 in error. When I use /27 it works as I expect it to. 
Sorry for the false alarm. Thanks for pointing this out to me.

Regards,
Steve
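
Added example (not part of the original bug report and not iptables project code): the masking that Comment 1 points to, written as a POSIX shell pre-flight check for accounting rules. The function names cidr_network, check_rules and sample_rules are hypothetical; the check handles only the short -s/-d options with dotted-quad operands and reports exact duplicates, not overlapping ranges.

```shell
#!/bin/sh
# Added example: names below are hypothetical, not part of iptables.

# Print the network iptables stores for ADDR/LEN: the address ANDed with the mask.
cidr_network() {
    case $1 in */*) addr=${1%/*}; len=${1#*/} ;; *) addr=$1; len=32 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    net=$(( $ip & $mask ))
    echo "$(( ($net >> 24) & 255 )).$(( ($net >> 16) & 255 )).$(( ($net >> 8) & 255 )).$(( $net & 255 ))/$len"
}

# Read "iptables -A CHAIN ..." commands on stdin and print one line per finding:
# an -s/-d operand that will be rewritten, or one that lands on a network
# already used in the same chain (the later rule then duplicates the earlier one).
check_rules() {
    seen=" "; lineno=0
    while read -r line; do
        lineno=$(( $lineno + 1 )); prev=; chain=
        for word in $line; do
            case $prev in
            -A) chain=$word ;;
            -s|-d)
                stored=$(cidr_network "$word")
                [ "$stored" = "$word" ] ||
                    echo "line $lineno: $word is stored as $stored"
                case $seen in *" $chain:$prev:$stored "*)
                    echo "line $lineno: $prev $stored already used in $chain" ;;
                esac
                seen="$seen$chain:$prev:$stored " ;;
            esac
            prev=$word
        done
    done
}

# Constructed input: the three rules from the description above.
sample_rules() {
    cat <<'EOF'
iptables -A acct-in -d 64.42.222.32/28 -j RETURN
iptables -A acct-in -d 64.42.222.64/26 -j RETURN
iptables -A acct-in -d 64.42.222.96/26 -j RETURN
EOF
}

sample_rules | check_rules
```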
