Description of problem:
After updating to kernel 2.4.20-28.9, iptables works erratically. Certain filters do not work, DNAT does not work, LOG on INPUT does not work. Only default policies seem to work. Stock kernel 2.4.20-8 works OK; haven't tried other releases.

Version-Release number of selected component (if applicable):
kernel-2.4.20-28.9
iptables-1.2.7a-2

How reproducible:
Always.

Steps to Reproduce:
1. set a rule for filter/INPUT to LOG packets at an exterior interface
2. set a rule for nat/DNAT to an internal machine, any protocol/service
3. set a rule for filter/FORWARD to match the nat/DNAT rule from (2)
4. set the default policy for filter/FORWARD to DROP
5. try a connection from the exterior network, follow with tcpdump

Actual results:
No LOG; No connection. tcpdump only shows packets arriving at the external interface, none leaving for the internal machine.

Expected results:
Log of packet activity
Connection from exterior with internal machine
tcpdump shows communication exchange

Additional info:
Sometimes, something works; I get logs, mostly from the filter/FORWARD chain. This is a MAJOR security bug; anyone with an ACCEPT security policy may be vulnerable.
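Added example, not part of the original report: a check that the four rules from the reproduction steps are actually present in an `iptables-save` dump, so a missing LOG or DNAT can be separated from a ruleset that never loaded. The interface `eth0`, the address `192.168.1.10`, the port and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: confirm the rules from the reproduction steps are loaded.
# eth0 (exterior interface) and 192.168.1.10 (internal host) are constructed values.

# Constructed iptables-save dump standing in for the reporter's ruleset.
sample_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:80
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -j LOG --log-prefix "INPUT-ext: "
-A FORWARD -d 192.168.1.10 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Reads an iptables-save dump on stdin. $1 = exterior interface, $2 = internal IP.
# Prints one line per missing item; returns non-zero if anything is missing.
check_repro_rules() {
    awk -v ifc="$1" -v dst="$2" '
        /^\*/ { table = substr($0, 2); next }   # "*nat", "*filter"
        table == "filter" && /^-A INPUT / && /-j LOG/ && index($0, "-i " ifc " ") { has_log = 1 }
        table == "nat" && /^-A PREROUTING / && /-j DNAT/ && index($0, "--to-destination " dst) { has_dnat = 1 }
        # DNAT happens before routing, so FORWARD sees the rewritten destination.
        table == "filter" && /^-A FORWARD / && /-j ACCEPT/ && index($0, "-d " dst) { has_fwd = 1 }
        table == "filter" && /^:FORWARD DROP / { has_policy = 1 }
        END {
            bad = 0
            if (!has_log)    { print "missing: filter/INPUT LOG on " ifc; bad = 1 }
            if (!has_dnat)   { print "missing: nat/PREROUTING DNAT to " dst; bad = 1 }
            if (!has_fwd)    { print "missing: filter/FORWARD ACCEPT for " dst; bad = 1 }
            if (!has_policy) { print "missing: filter/FORWARD default policy DROP"; bad = 1 }
            exit bad
        }'
}

# On a live host: iptables-save | check_repro_rules eth0 192.168.1.10
sample_dump | check_repro_rules eth0 192.168.1.10 && echo "all four rules are loaded"
```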
Thanks for the bug report. However, Red Hat no longer maintains this version of the product. Please upgrade to the latest version and open a new bug if the problem persists. The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases, and if you believe this bug is interesting to them, please report the problem in the bug tracker at: http://bugzilla.fedora.us/