Red Hat Bugzilla – Bug 171089
Filtering broken under 2.6.13-1_1526_FC4 ?
Last modified: 2007-11-30 17:11:15 EST
This may be a replay of bug #162438 that I submitted earlier in the year. One
of the kernel updates disabled the bridging utils due to changes made by
developers intending to speed things up. The result was breakage that was
fixed in a subsequent release (2.6.12-1.1398_FC4) that backed out the changes.
I recently 2.6.13-1.1526_FC4 on the same box, and it also kills the current
previously operation functionality. I just discovered this problem, and have
not had sufficient time to troubleshoot with error logs. An easy fix to
eliminate the problem is to boot back into version 1447, under which the
problem is no longer manifested.
1. Boot into 2.6.13-1.1526_FC4
My combination of bridge-utils, iptables, dansguardian, and squid fails to
pass traffic. Disabling the bridge and iptables rules allows traffic to pass
by disabling dansguardian and squid.
Backing up and booting into 2.6.12-1.1447_FC4 makes everything work again, so
I can only assume that it was a change in the kernel that is causing the
problem at this time.
Once again, under 1526, if I delete the ebtables and iptables rules that force
traffic through dansguardian, the bridge will work, and traffic will pass, but
no filtering can take place. The same configuration works perfectly if I boot
into 1447 instead.
I have checked the various logs, but have found no errors yet. I will add
logging errors sometime this week to track it down further, but 1526 is un-
useable for me at this because of this bug.
OK- Color me stupid. I finally got back to this problem this week-end, and it
seems to have disappeared.
I rebooted my test machine, added some extra logging rules, and discovered
that nothing would break. Set everything back to production mode, and it all
worked. Still don't know what went wrong because at this point it is
configured exactly the same as when the error was consistent.
Life is good, except for my friend that went diving in Cozumel this week.