Bug 174239 - netfilter vpn problems.
Summary: netfilter vpn problems.
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 4
Hardware: i686
OS: Linux
medium
high
Target Milestone: ---
Assignee: Dave Jones
QA Contact: Brian Brock
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-11-26 10:44 UTC by Need Real Name
Modified: 2015-01-04 22:23 UTC (History)
2 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2005-11-29 23:23:42 UTC


Attachments (Terms of Use)

Description Need Real Name 2005-11-26 10:44:48 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:

Sorry about my poor english.

Problem with IPTALBLES and Kernel: 2.6.14-1.1637_FC4
with INBOUND MS VPN 
(IP Port47
TCP Port 1723
UDP Port 500
UDP Port 1701)


OUTBOUND MS VPN is OK ! with kernel-2.6.14-1.1637_FC4 

The Problem is only at INBOUND connections
not with OUTBOUND connections.


We have a Firewall with Fedora Core 4 and iptables.
Behind the Firewall (NAT and MASQUERADE) is a Microsoft VPN Server.

IPFORWARD is activ
(
cat /proc/sys/net/ipv4/ip_forward
1
)

If we use the Kernel 2.6.13-1.1532_FC4, all is working fine.
When we use the Kernel 2.6.14-1.1637_FC4 the VPN Auth. is
not OK. It STOPs at the User & Password check.

We use the SAME IPTABLES Policy !!! 

Can you please tell me, what information do you need
to fix this Problem in the next Kernel Release for Fedora Core 4 ???


We have a Problem with this Kernel: 2.6.14-1.1637_FC4 too.
Core DUMPs if stop / reload iptables.

Unloading iptables modules: FAILED

This Problem is not with Kernel: 2.6.13-1.1532_FC4
and the Kernel Version below.



Version-Release number of selected component (if applicable):
iptalbes-1.3.0-2, kernel-2.6.14-1.1637_FC4

How reproducible:
Always

Steps to Reproduce:
1.Boot Kernel 2.6.14-1.1637_FC4
2.load iptables policy
3.try to make a Microsoft VPN-Connect (INBOUND) behind the Firewall (NAT)
  

Actual Results:  
If we use kernel-2.6.14-1.1637_FC4, the MS VPN-Connect
is STOP at AUTH: User and Password

No Entry on the Windows Server Logfiles.


With kernel-kernel-2.6.13-1.1532_FC4 or below all is OK.
(VPN Login and LOGFile Entrys on the Windows Server)



Additional info:

Additional Information:


/etc/init.d/iptables stop

Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter nat [ OK ]
Unloading iptables modules: [ FAILED ]

Comment 1 Thomas Woerner 2005-11-28 09:28:24 UTC
iptables is the userland configuration tool, but this is a kernel netfilter problem.

Assigning to kernel.

Comment 2 Dave Jones 2005-11-28 20:17:42 UTC
please try with the 1644 kernel update that went out today.
(If your yum mirror hasn't got it yet, you can also find it at
http://people.redhat.com/davej/kernels/Fedora/FC4/)

Comment 3 Schneck Dennis 2005-11-29 12:29:07 UTC
Thanks a lot !
with: Kernel 2.6.14-1.1644_FC4 #1 Sun Nov 27 03:25:11

the Problem is FIXED

Dennis


Note You need to log in before you can comment on or make changes to this bug.