Bug 127994 - Fedora Core 2: packets are not forwarded when using iptables
Product: Fedora
Classification: Fedora
Component: iptables
Version: 2
Hardware: i386 Linux
Assignee: Thomas Woerner
QA Contact: Ben Levenson
Reported: 2004-07-16 04:57 UTC by Jonathan Laub
Modified: 2007-11-30 22:10 UTC
Doc Type: Bug Fix
Last Closed: 2004-08-16 15:32:56 UTC


Description Jonathan Laub 2004-07-16 04:57:19 UTC
Description of problem:
Using the Security Level helper application, there is no means of
specifying packet forwarding between eth0 (inside net) and
eth1 (external net).  In addition, when /proc/sys/net../ip_forward is
set to '1', and ECN is disabled, forwarding does not occur unless the
firewall is disabled and the custom script shown at the bottom is used
instead.  Have also modified sysctl.conf to '1' as well to allow for
forwarding.  Did I miss anything??

Version-Release number of selected component (if applicable): Fedora
Core 2 - updated on all RPMs.

How reproducible:  May be difficult?
Steps to Reproduce:
1. Set eth0 to, set eth1 to and external ip.
2. echo 1 > /proc/sys/net/ipv4/ip_forward
3. Modify sysctl.conf changing ip_forwarding to '1' from '0'.
4. sysctl -p, reboot.
5. Have tried to customize the /etc/sysconfig/iptables.conf generated
by the Security Level helper app and had no progress.  

Actual results: Forwarding does not occur.

Expected results:

Additional info: 
This is the only means of getting forwarding going quickly without
spending gobs of time trying to tweak ip_tables.conf.
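*-<add snip>---------------------------------------------------------
#!/bin/sh
# chkconfig: 2345 08 92
# description:	Starts my custom ip_forwarding.
# config: /etc/sysconfig/iptables
# config: /etc/sysconfig/iptables-config
# Enable kernel IPv4 forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
# iptables binary (assignment missing from the report; path assumed)
ipt=/sbin/iptables
# Change this value to your EXTERNAL interface
# (assignment missing from the report; eth1 is the external net per the description)
ext=eth1
# Set policies
# Delete table rules, chains and counters
for table in filter nat mangle
do
    $ipt -t $table -F # flush
    $ipt -t $table -X # delete
    $ipt -t $table -Z # zero
done
# Masquerade everything leaving through the external interface
$ipt -t nat -A POSTROUTING -o $ext -j MASQUERADE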

Comment 1 Thomas Woerner 2004-08-16 15:32:56 UTC
You want masquerading and not a simple forward. You can either save
your generated configuration with 'service iptables save', which will
overwrite /etc/sysconfig/iptables with the current firewall rules or
you can add 


to your current /etc/sysconfig/iptables.

system-config-securitylevel does not support masquerading.

This is not a bug.
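
Added example, not part of the bug report or of either participant's text: a heuristic shell check that reads iptables-save output and reports which of the pieces discussed above (ip_forward set to 1, a MASQUERADE rule on the external interface, an accepting FORWARD rule) is missing. The sample ruleset, the chain name FW-CHAIN and the interface names in it are constructed for illustration.

```sh
# Added example (not from the bug report): heuristic check of iptables-save
# output for what NAT forwarding needs besides ip_forward=1.
# Usage: iptables-save | check_forwarding EXT_IF IP_FORWARD_VALUE
check_forwarding() {
    awk -v ext="$1" -v fwd="$2" '
        /^\*/ { table = substr($0, 2); next }   # table header: *nat, *filter
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (out == ext && (target == "MASQUERADE" || target == "SNAT")) nat_ok = 1
        }
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "filter" && $1 == "-A" && $2 == "FORWARD" {
            nrules++
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
        }
        END {
            if (fwd != "1") { print "ip_forward is not 1"; bad = 1 }
            if (!nat_ok) { print "no MASQUERADE/SNAT rule on " ext; bad = 1 }
            # Flag a FORWARD chain that has rules but none accepting, or a
            # non-ACCEPT policy with no accepting rule at all.
            if (!accept && (policy != "ACCEPT" || nrules > 0)) {
                print "FORWARD chain has no ACCEPT rule"; bad = 1
            }
            if (!bad) print "ok"
        }'
}

# Constructed sample ruleset; "sample_rules nat" adds the masquerading parts.
sample_rules() {
    printf '%s\n' '*filter' ':FORWARD ACCEPT [0:0]' ':FW-CHAIN - [0:0]'
    if [ "$1" = nat ]; then
        printf '%s\n' '-A FORWARD -i eth0 -o eth1 -j ACCEPT'
    fi
    printf '%s\n' '-A FORWARD -j FW-CHAIN' \
        '-A FW-CHAIN -j REJECT --reject-with icmp-host-prohibited' 'COMMIT'
    if [ "$1" = nat ]; then
        printf '%s\n' '*nat' '-A POSTROUTING -o eth1 -j MASQUERADE' 'COMMIT'
    fi
}

sample_rules | check_forwarding eth1 1   # filter-only ruleset: two findings
```

On a live host the same function can be fed with `iptables-save | check_forwarding eth1 "$(cat /proc/sys/net/ipv4/ip_forward)"`; it only inspects rule text and does not follow jumps into user-defined chains.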

Comment 2 IBM Bug Proxy 2004-08-25 23:22:45 UTC
----- Additional Comments From linas@us.ibm.com(prefers email via linas@austin.ibm.com)  2004-08-25 19:22 -------
This patch *still* hasn't made it into mainline, even though they've been  
nagged on multiple occasions.  As a result, this patch is still not in  
RHEL4.  I guess I'll wait a bit longer and hope it makes it into mainline. 
Wish it didn't take 1.5 months for trivial patches to get into mainline :( 
I just source-code audited kernel-2.6.8-1.525.src.rpm    
obtained from    

Comment 3 Thomas Woerner 2004-08-26 08:05:11 UTC
Which patch?

Comment 4 IBM Bug Proxy 2004-09-19 16:20:20 UTC
----- Additional Comments From khoa@us.ibm.com  2004-09-19 12:17 EDT -------
I'd like to move this bug into Submitted state (following our new bugzilla
process) as this patch has been submitted to both mainline and Red Hat.

Red Hat - we need confirmation if this patch will make beta2. Thanks. 

Comment 5 Thomas Woerner 2004-09-29 16:01:07 UTC
I think you have committed this to the wrong bugzilla entry, right?
