Bug 55280 - IPCHAINS DOES NOT WORK UNDER 7.1 and IPTABLES DOES NOT INSTALL
Status: CLOSED DUPLICATE of bug 55202
Product: Red Hat Linux
Classification: Retired
Component: ipchains (Show other bugs)
Version: 7.1
Hardware: i686 Linux
Priority: high, Severity: medium
Assigned To: Mike A. Harris
Keywords: Security
Reported: 2001-10-29 00:54 EST by Need Real Name
Modified: 2008-05-01 11:38 EDT (History)
Last Closed: 2001-10-29 00:54:28 EST
Description Need Real Name 2001-10-29 00:54:11 EST
Description of Problem:

I am using Redhat 7.1 w/2.4.9-6 kernel and all upgraded rpms (as of 10/25/01).

Can not get masquerading to work in ipchains with a dialup connection through ppp0.

I have tried everything that I can think of, but nothing works.

Currently I have ipchains turned off in chkconfig and have the following in rc.local:

modprobe ipchains >/dev/null 2>&1 || exit 0

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_dynaddr

/sbin/ipchains -F input
/sbin/ipchains -F forward
/sbin/ipchains -F output

/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i ppp0 -j MASQ

<snip>

Now, if I do not include my local IP in the hosts file, I can dialup and get assigned an IP dynamically from the remote access server.  I can verify this with ifconfig and can ping out.

If I include my local host IP and name in hosts, then when I dialup, I get the local IP in ifconfig and can not ping out.

This tells me that MASQ in ipchains is NOT working.

I did upgrade ipchains to 1.3.10, but it didn't work before I upgraded.

Version-Release number of selected component (if applicable):
ipchains 1.3.10

How Reproducible:
Out of the box Redhat 7.1

Additional Information:
 
Additional comment by mharris@redhat.com 2001-10-26 22:04:35 
 
In this non-working setup, please attach the output of the following
commands:

lsmod
ipchains -L -v --line-numbers

ifconfig

uname -a

rpm -q ipchains
 
Additional comment by otrcomm@wildapache.net 2001-10-27 00:22:09 
 
[root@mcw rc.d]# lsmod
Module                  Size  Used by
ppp_deflate            41600   1  (autoclean)
bsd_comp                4352   0  (autoclean)
appletalk              20912   0  (autoclean)
ipx                    16416   0  (autoclean)
ppp_async               6800   1  (autoclean)
ppp_generic            19360   3  (autoclean) [ppp_deflate bsd_comp ppp_async]
slhc                    5280   1  (autoclean) [ppp_generic]
soundcore               4432   0  (autoclean)
ide-cd                 27104   0  (autoclean)
cdrom                  28512   0  (autoclean) [ide-cd]
ipchains               39424   0 
autofs                 11584   1  (autoclean)
3c59x                  26528   1  (autoclean)
usb-uhci               21696   0  (unused)
usbcore                51584   1  [usb-uhci]
[root@mcw rc.d]#   
[root@mcw rc.d]# 
[root@mcw rc.d]# ipchains -L -v --line-numbers
Chain input (policy ACCEPT: 1529 packets, 226692 bytes):
Chain forward (policy DENY: 0 packets, 0 bytes):
num   pkts bytes target     prot opt    tosa tosx  ifname     mark       outsize  source                destination           ports
1        0     0 MASQ       all  ------ 0xFF 0x00  any                            192.168.0.0/24       anywhere              n/a
Chain output (policy ACCEPT: 331 packets, 44193 bytes):
[root@mcw rc.d]#          
[root@mcw rc.d]# 
[root@mcw rc.d]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:10:4B:6A:2B:04  
          inet addr:192.168.1.5  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3713 errors:0 dropped:0 overruns:0 frame:0
          TX packets:357 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:12 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:192.168.1.5  P-t-P:10.64.64.64  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 

[root@mcw rc.d]# 
[root@mcw rc.d]# 
[root@mcw rc.d]# uname -a
Linux mcw.otrcomm.lcl 2.4.9-6 #1 Thu Oct 18 09:39:55 EDT 2001 i686 unknown
[root@mcw rc.d]# 
[root@mcw rc.d]# 
[root@mcw rc.d]# rpm -q ipchains
ipchains-1.3.10-7
[root@mcw rc.d]#
 
Additional comment by otrcomm@wildapache.net 2001-10-27 00:34:05 
 
The reason I got the 192.168.0.0/24 for my source in ipchains -L -v is because I added a -s switch to my test in rc.local, i.e.:

/sbin/ipchains -A forward -s 192.168.0.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ

But this didn't help.  I didn't expect it to, but I wanted to try.
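
An added example, not part of the bug report or anyone's comment: a consistency check over the kind of `ifconfig` and `ipchains -L -v` output posted above, reporting LAN addresses that fall outside the MASQ rule's source network and interfaces that share one address. The sample input is constructed from values in that output; the function names and the `wan` parameter are hypothetical.

```python
import ipaddress
import re

# Constructed sample: trimmed from the ifconfig output in the report.
IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 00:10:4B:6A:2B:04
          inet addr:192.168.1.5  Bcast:192.168.1.255  Mask:255.255.255.0
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.1.5  P-t-P:10.64.64.64  Mask:255.255.255.255
"""
MASQ_SOURCE = "192.168.0.0/24"  # source column of the MASQ rule in the report


def parse_ifconfig(text):
    """Return {interface: IPv4Interface} from net-tools style ifconfig output."""
    found, name = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():
            name = line.split()[0]  # unindented line starts a new interface
        m = re.search(r"inet addr:(\S+).*?Mask:(\S+)", line)
        if m and name:
            found[name] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return found


def check(ifaces, masq_source, wan="ppp0"):
    """List inconsistencies between interface addressing and the MASQ source."""
    issues = []
    src = ipaddress.ip_network(masq_source)
    lan = {n: i for n, i in ifaces.items() if n != wan and not i.ip.is_loopback}
    for name, iface in lan.items():
        if iface.ip not in src:
            issues.append(f"{name} {iface.ip} is outside MASQ source {src}")
        if wan in ifaces and ifaces[wan].ip == iface.ip:
            issues.append(f"{wan} and {name} share address {iface.ip}")
    return issues


if __name__ == "__main__":
    for issue in check(parse_ifconfig(IFCONFIG), MASQ_SOURCE):
        print(issue)
```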
 
Additional comment by otrcomm@wildapache.net 2001-10-27 21:59:20 
 
Yeah, it has been 24 hours on this easily reproducible problem and no solution. I didn't think anyone would/could address this.  So much for being "quite capable of maintaining my own packages..." you're welcome.
 
Additional comment by mharris@redhat.com 2001-10-28 17:59:46 
 
Arjan, I've got a clean 7.1 install set up here, with IP masquerading
configured.  I've got all 7.1 erratum applied.  IP masquerading works
fine for me in this test setup - ie: I cannot reproduce any ipchains
IP masquerade problems that this polite fellow is reporting.

Before closing the bug as NOTABUG, I thought I would get you to give
a second opinion on it, as the kernel is involved.

Your thoughts?
 
Additional comment by otrcomm@wildapache.net 2001-10-28 18:06:21 
 
If you can get ipchains to masquerade, then could you please send this person who does not care about being polite a copy of your ipchains rules?

I assume that you set your system to have an internal network on eth0, your local IP in the hosts file, and internal nameserver for your local network, and connected to an access server via a dialup?

 
Additional comment by teg@redhat.com 2001-10-28 18:12:32 
 
Only a subset of IP masquerading works with ipchains, you'll need to switch to iptables to improve the setup (and have it work usefully). Bugzilla is not a support channel - I suggest you ask on mailing lists for your particular setup.
 
Additional comment by otrcomm@wildapache.net 2001-10-29 00:45:57 
 
Trond,

As you know, ipchains and iptables can not both be active in the kernel simultaneously.  I have not been able to install Redhat 7.1 without installing ipchains.  That is, if during initial install you select not to install a firewall, ipchains gets installed in the kernel anyway and then you can not install iptables.  How do you recommend that I install iptables with Redhat 7.1?  Or should I just go to 7.2?

Furthermore, what you are telling me here is that ip masquerading does not work with ipchains, is that correct?
 


Comment 1 Mike A. Harris 2001-10-29 21:30:30 EST

*** This bug has been marked as a duplicate of 55202 ***
