Red Hat Bugzilla – Bug 119561
kernel 2.4.20-28.9 iptables (netfilter) does not work correctly
Last modified: 2007-03-27 00:16:17 EDT
Description of problem:
After updating to kernel 2.4.20-28.9, iptables works erratically.
Certain filters do not work, DNAT does not work, LOG on INPUT does
not work. Only default policies seem to work.
Stock kernel 2.4.20-8 works OK; haven't tried other releases.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. set a rule for filter/INPUT to LOG packets at an exterior interface
2. set a rule for nat/DNAT to an internal machine, any protocol/service
3. set a rule for filter/FORWARD to match the nat/DNAT rule from (2)
4. set the default policy for filter/FORWARD to DROP
5. try a connection from exterior network, follow with tcpdump
Actual results: No LOG; No connection.
tcpdump only shows packets arriving at the external interface; none are
sent on to the internal machine.
Expected results: Log of packet activity
Connection from exterior with internal machine
tcpdump shows communication exchange
Sometimes, something works; I get logs, mostly from filter/FORWARD chain.
This is a MAJOR security bug; anyone with an ACCEPT security policy
may be vulnerable.
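The rule set that the "Steps to Reproduce" above describe, written out as an added example (this is not the reporter's script and not part of the original report). Interface names, the internal address and the forwarded port are placeholder assumptions. The FORWARD policy is set to DROP first so that, if a rule silently fails to match as the report describes, the connection is blocked rather than let through; `show_counters` is the check a practitioner would run after step 5 to see which stage the packet actually reached.

```shell
#!/bin/sh
# Added example reconstructing the report's iptables setup (not the reporter's code).
# All names and addresses below are assumptions, not values from the bug report.
IPT="${IPT:-iptables}"                 # set IPT=echo to print the commands instead of applying them
EXT_IF="${EXT_IF:-eth0}"               # exterior interface (assumed name)
INT_IF="${INT_IF:-eth1}"               # interior interface (assumed name)
INT_HOST="${INT_HOST:-192.168.1.10}"   # internal machine receiving the DNAT (assumed address)
SERVICE_PORT="${SERVICE_PORT:-80}"     # forwarded TCP port (assumed)

apply_rules() {
    # Step 4 first: fail closed. With policy DROP, a rule that does not match
    # leaves the connection blocked instead of exposing the internal host.
    "$IPT" -P FORWARD DROP

    # Step 1: log new packets arriving on the exterior interface.
    "$IPT" -A INPUT -i "$EXT_IF" -m state --state NEW -j LOG --log-prefix "INPUT-ext: "

    # Step 2: DNAT the service to the internal machine.
    "$IPT" -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport "$SERVICE_PORT" \
        -j DNAT --to-destination "$INT_HOST:$SERVICE_PORT"

    # Step 3: FORWARD rule matching the DNATed traffic. After DNAT the packet's
    # destination is already the internal address, so match on that.
    "$IPT" -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p tcp -d "$INT_HOST" --dport "$SERVICE_PORT" \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

    # Return path for the internal machine's replies.
    "$IPT" -A FORWARD -i "$INT_IF" -o "$EXT_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Step 5 check: after a connection attempt from outside, the packet counters
# show whether the DNAT and FORWARD rules were ever hit. A zero counter on the
# DNAT rule with packets visible in tcpdump on the exterior interface is the
# symptom the report describes.
show_counters() {
    "$IPT" -t nat -L PREROUTING -n -v
    "$IPT" -L FORWARD -n -v
}

# Apply the rules only when run directly as root; with IPT=echo this is a dry run.
if [ "${APPLY_RULES:-0}" = "1" ]; then
    apply_rules
    show_counters
fi
```

Run with `IPT=echo APPLY_RULES=1 sh script.sh` to review the exact commands before applying them; the `-m state` match is the one available on 2.4-series kernels, which is why it is used instead of the later `conntrack` match.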
Thanks for the bug report. However, Red Hat no longer maintains this version of
the product. Please upgrade to the latest version and open a new bug if the problem
The Fedora Legacy project (http://fedoralegacy.org/) maintains some older releases,
and if you believe this bug is interesting to them, please report the problem in
the bug tracker at: http://bugzilla.fedora.us/