Bug 53356 - iptables -j DNAT does not work in kernel 2.4.3-12
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: kernel
Version: 7.1
Hardware: i686
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Arjan van de Ven
QA Contact: Brock Organ
Reported: 2001-09-07 09:30 UTC by Klaus Muth
Modified: 2007-04-18 16:36 UTC (History)
Last Closed: 2001-09-07 09:30:52 UTC



Description Klaus Muth 2001-09-07 09:30:48 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.76 [de] (X11; U; Linux 2.4.2-2 i686; Nav)

Description of problem:
After reading about the ip_conntrack_ftp exploit I tried to get a new
kernel. I compiled the kernel with the same config, but now the port
forwarding rules do not work: the iptables commands are accepted, the
packets are counted, but there is no forwarding ;/. I don't know whether
the packets are dropped or whatever.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Configure a firewall with some port forwarding rules
2. Try until all works fine
3. Upgrade the 2.4.2-2 kernel to a 2.4.3-12 kernel
4. The forwarded ports do not work
	

Additional info:

Chain PREROUTING (policy ACCEPT 65 packets, 11672 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  any    any     anywhere             212.107.169.6      tcp dpt:ftp-data to:192.168.42.2:20
    1    60 DNAT       tcp  --  any    any     anywhere             212.107.169.6      tcp dpt:ftp to:192.168.42.2:21
    0     0 DNAT       tcp  --  any    any     anywhere             212.107.169.6      tcp dpt:http to:192.168.42.2:80
    2   120 DNAT       tcp  --  any    any     anywhere             212.107.169.6      tcp dpt:2367 to:192.168.42.2:2367

Packets counted but not forwarded ;/

Comment 1 Klaus Muth 2001-09-20 13:54:01 UTC
This is a UTS-Bug (User too stupid). Port forwarding did not work, because
the server behind the firewall had no route back for the test (somebody
rebooted it).
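
The symptom in this report (DNAT rules count packets, but nothing comes back) leaves a trace in the firewall's connection-tracking table: the translated flow stays [UNREPLIED], which is consistent with a backend that is down or has no route back. The following is an added example, not part of the original bug report; it parses constructed sample lines in the style of /proc/net/ip_conntrack, and the client address 198.51.100.7 and the function names are assumptions.

```python
import re

# Constructed sample in the style of /proc/net/ip_conntrack; the client
# address 198.51.100.7 is made up, 212.107.169.6 and 192.168.42.2 are from the report.
SAMPLE = """\
tcp      6 118 SYN_SENT src=198.51.100.7 dst=212.107.169.6 sport=1031 dport=21 [UNREPLIED] src=192.168.42.2 dst=198.51.100.7 sport=21 dport=1031 use=1
tcp      6 431990 ESTABLISHED src=198.51.100.7 dst=212.107.169.6 sport=1032 dport=80 src=192.168.42.2 dst=198.51.100.7 sport=80 dport=1032 [ASSURED] use=1
tcp      6 115 SYN_SENT src=192.168.42.9 dst=203.0.113.5 sport=1040 dport=25 [UNREPLIED] src=203.0.113.5 dst=192.168.42.9 sport=25 dport=1040 use=1
"""

TUPLE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")

def parse_entry(line):
    """Return (proto, state, original tuple, reply tuple, unreplied) or None."""
    tuples = TUPLE.findall(line)
    fields = line.split()
    if len(tuples) != 2 or len(fields) < 4:
        return None  # ICMP and other entries without two port tuples are skipped
    state = fields[3] if not fields[3].startswith("src=") else ""  # UDP has no state
    return fields[0], state, tuples[0], tuples[1], "[UNREPLIED]" in line

def stalled_dnat(text):
    """List DNAT'd flows for which the firewall never saw a reply packet."""
    findings = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        proto, state, orig, reply, unreplied = entry
        # Destination NAT shows up as: reply source != original destination.
        rewritten = (reply[0], reply[2]) != (orig[1], orig[3])
        if rewritten and unreplied:
            findings.append({
                "proto": proto, "state": state,
                "client": orig[0],
                "public": f"{orig[1]}:{orig[3]}",
                "backend": f"{reply[0]}:{reply[2]}",
            })
    return findings

if __name__ == "__main__":
    for f in stalled_dnat(SAMPLE):
        print(f"{f['proto']} {f['client']} -> {f['public']} DNAT {f['backend']}: "
              "no reply seen; check the backend host and its route back")
```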

