Bug 119561 - kernel 2.4.20-28.9 iptables (netfilter) does not work correctly
kernel 2.4.20-28.9 iptables (netfilter) does not work correctly
Status: CLOSED WONTFIX
Product: Red Hat Linux
Classification: Retired
Component: kernel (Show other bugs)
9
i686 Linux
high Severity medium
: ---
: ---
Assigned To: Arjan van de Ven
Brian Brock
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-03-31 08:32 EST by Paulo Sedrez
Modified: 2007-03-27 00:16 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-09-30 11:41:51 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Paulo Sedrez 2004-03-31 08:32:57 EST
Description of problem:
After updating to kernel 2.4.20-28.9, iptables works erratically.
Certain filters does not work, DNAT does not work, LOG on INPUT does
no work. Only default policies seems to work.

Stock kernel 2.4.20-8 work OK; haven't tried other releases.

Version-Release number of selected component (if applicable):
kernel-2.4.20-28.9
iptables-1.2.7a-2

How reproducible:
Always.

Steps to Reproduce:
1. set a rule for filter/INPUT to LOG packets at a exterior interface
2. set a rule for nat/DNAT to a internal machine, any protocol/service
3. set a rule for filter/FORWARD to match the nat/DNAT rule from (2)
4. set the default policy for filter/FORWARD to DROP
5. try a connection from exterior network, follow with tcpdump


Actual results:  No LOG; No connection.
tcpdump only shows packets arriving at the external interface, no one
left to the internal machine.


Expected results:  Log of packet activity
Connection from exterior with internal machine
tcpdump shows communication exchange

Additional info:

Sometimes, something works; I get logs, mostly from filter/FORWARD chain.

This is a MAJOR security bug; anyone with an ACCEPT security policy
may be vulnerable.
Comment 1 Bugzilla owner 2004-09-30 11:41:51 EDT
Thanks for the bug report. However, Red Hat no longer maintains this version of
the product. Please upgrade to the latest version and open a new bug if the problem
persists.

The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, 
and if you believe this bug is interesting to them, please report the problem in
the bug tracker at: http://bugzilla.fedora.us/

Note You need to log in before you can comment on or make changes to this bug.