Red Hat Bugzilla – Bug 46943
Kernel 2.4.2-2 crash when using iptables and nat
Last modified: 2007-04-18 12:34:23 EDT
Description of Problem:
Simply booting, when there are no iptables rules and the policies are
all ACCEPT, if I issue this command:
iptables -t nat -A PREROUTING -j DNAT -i eth0 -p tcp -d x.x.x.x --dport 80 --to 192.168.2.2:80
with x.x.x.x a valid address, and then if I try to access port 80
from another computer:
telnet x.x.x.x 80
I get the Linux box on which the iptables rule was issued completely frozen...
I tried with the new kernel RPM (2.4.3-12) and all works fine.
Steps to Reproduce:
1. Boot with no iptables (or ipchains) rules.
2. iptables -t nat -A PREROUTING -j DNAT -i eth0 -p tcp -d x.x.x.x --dport 80 --to 192.168.2.2:80
3. From another box: telnet x.x.x.x 80
I get a kernel panic error and the system freezes.
With telnet x.x.x.x 80 I should be able to connect to the 192.168.2.2
box on port 80.
I use 3 ethernet cards.
I updated to kernel-2.4.3-12 and now all works fine.
2.4.2-2 had a buggy and exploitable iptables. We put out a security advisory
about that pretty soon after 2.4.2-2 was released. 2.4.3-12 should have that
fixed and you confirm that (unless I misunderstood you, in that case please
reopen this bug).