Bug 46943 - Kernel 2.4.2-2 crash when using iptables and nat
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: AfterStep
Version: 7.1
Hardware: i386 Linux
Priority: medium
Severity: high
Assigned To: Arjan van de Ven
QA Contact: Brock Organ
Reported: 2001-07-02 08:44 EDT by Tommaso Schiavinotto
Modified: 2007-04-18 12:34 EDT (History)
Doc Type: Bug Fix
Last Closed: 2001-07-02 08:44:38 EDT


Description Tommaso Schiavinotto 2001-07-02 08:44:35 EDT
Description of Problem:
Simply booting, when there are no iptables rules and policies are
all ACCEPT, if I issue this command:
iptables -t nat -A PREROUTING -j DNAT -i eth0 -p tcp -d x.x.x.x --dport 80 --to 192.168.2.2:80

with x.x.x.x a valid address, and then if I try to access port 80
from another computer:
telnet x.x.x.x 80

I get the Linux box with the iptables rule issued completely frozen...

I tried with the new kernel rpm (2.4.3-12) and all works fine.

How Reproducible:
Every time

Steps to Reproduce:
1. boot with no iptables (or ipchains)
2. iptables -t nat -A PREROUTING -j DNAT -i eth0 -p tcp -d x.x.x.x --dport 80 --to 192.168.2.2:80
3. from another box: telnet x.x.x.x 80

Actual Results:
get kernel panic error and system freezes

Expected Results:
With telnet x.x.x.x 80 I should be able to connect to the 192.168.2.2
box on port 80

Additional Information:
I use 3 ethernet cards.
I updated to kernel-2.4.3-12 and now all works fine.

Comment 1 Arjan van de Ven 2001-07-02 09:54:02 EDT
2.4.2-2 had a buggy and exploitable iptables. We put out a security advisory
about that pretty soon after 2.4.2-2 was released. 2.4.3-12 should have that
fixed and you confirm that (unless I misunderstood you, in that case please
reopen this bug).
