Bug 50205 - iptables ignores --dport
iptables ignores --dport
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: iptables (Show other bugs)
7.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Bernhard Rosenkraenzer
David Lawrence
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-07-27 20:49 EDT by Need Real Name
Modified: 2007-04-18 12:35 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-07-27 20:49:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2001-07-27 20:49:17 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:0.9.1)
Gecko/20010607 Netscape6/6.1b1

Description of problem:
iptables ignores pop3 and smtp port settings on --dport

How reproducible:
Always

Steps to Reproduce:
/sbin/iptables -A FORWARD -o eth1  -p tcp  -s pat.foo.com
       -d $MAIL_SRV --destination-port pop3  -j LOG
   /sbin/iptables -A FORWARD -o eth1  -p tcp  -s pat.foo.com
       -d $MAIL_SRV --destination-port pop3  -j REJECT
   /sbin/iptables -A FORWARD -o eth1  -p tcp  -s pat.foo.com
       -d $MAIL_SRV --destination-port smtp  -j LOG
   /sbin/iptables -A FORWARD -o eth1  -p tcp  -s pat.foo.com
       -d $MAIL_SRV --destination-port smtp  -j REJECT


	

Actual Results:   Chain FORWARD (policy DROP)
   target     prot opt source            destination
   LOG        tcp  --  Pat.foo.com         anywhere  tcp dpt:pop3 LOG 
level warning
   REJECT     tcp  --  Pat.foo.com         anywhere  tcp dpt:pop3 
reject-with icmp-port-unreachable
   LOG        tcp  --  Pat.foo.com         anywhere  tcp dpt:smtp LOG 
level warning
   REJECT     tcp  --  Pat.foo.com         anywhere  tcp dpt:smtp 
reject-with icmp-port-unreachable



Expected Results:   the destination should be the IP addres for $MAIL_SRV
not "anywhere".  Actual test with live packets confirmed the "anywhere"
problem.  No pop3 or smtp traffic was allowed out of Pat.foo.com to
anywhere


Additional info:

Reproducing this may require the entire firewall.  Please eMail me
if it is required and I will send it to you
Comment 1 Bernhard Rosenkraenzer 2001-07-30 08:58:08 EDT
Can't reproduce this in 1.2.2-3

Note You need to log in before you can comment on or make changes to this bug.