Bug 46943 - Kernel 2.4.2-2 crash when using iptables and nat
Summary: Kernel 2.4.2-2 crash when using iptables and nat
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: AfterStep   
(Show other bugs)
Version: 7.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Arjan van de Ven
QA Contact: Brock Organ
Depends On:
TreeView+ depends on / blocked
Reported: 2001-07-02 12:44 UTC by Tommaso Schiavinotto
Modified: 2007-04-18 16:34 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-07-02 12:44:38 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Tommaso Schiavinotto 2001-07-02 12:44:35 UTC
Description of Problem:
Simply booting, when there are not iptables rules and policies are
all ACCEPT, if i issue that command:
iptables -t nat -A PREROUTING -j DNAT -i eth0 -p tcp -d x.x.x.x --dport 
80 --to

with x.x.x.x a valid address and then if i try to access on port 80
from another computer:
telnet x.x.x.x 80

i get the linux box with iptable rule issued completely frozen...

I tried with new kernel rpm (2.4.3-12) and all works fine.

How Reproducible:
Every time

Steps to Reproduce:
1. boot with no iptables (or ipchains)
2. iptables -t nat -A PREROUTING -j DNAT -i eth0 -p tcp -d x.x.x.x    
--dport 80 --to
3. from another box: telnet x.x.x.x 80

Actual Results:
get kernel panic error and system freezes

Expected Results:
with telnet x.x.x.x 80 i should be able to connect to 
box on port 80

Additional Information:
I use 3 ethernet cards.
i updated to the kernel-2.4.3-12 and now all works fine

Comment 1 Arjan van de Ven 2001-07-02 13:54:02 UTC
2.4.2-2 had a buggy and exploitable iptables. We put out a security advisory
about that pretty soon after 2.4.2-2 was released. 2.4.3-12 should have that
fixed and you confirm that (unless I misunderstood you, in that case please
reopen this bug).

Note You need to log in before you can comment on or make changes to this bug.