IPTables on powerpc seems to be "missing" NAT'ing packets
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
linux (Ubuntu) | Expired | Medium | Unassigned | |
Bug Description
Hi,
Here is my setup:
eth0 ---\
eth2 ---/
I have stripped the iptables config to the bare requirements for NAT:
(I have also tried this with just one MASQ statement - same result
Also - Source NAT - same result)
*nat
:PREROUTING ACCEPT [41024:3267406]
:INPUT ACCEPT [36053:2477434]
:OUTPUT ACCEPT [39588:2527196]
:POSTROUTING ACCEPT [39961:2568225]
-A POSTROUTING -s 192.168.4.0/24 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 192.168.5.0/24 -o ppp0 -j MASQUERADE
COMMIT
eth0 = 192.168.4.0/24
eth2 = 192.168.5.0/24
If I run "tcpdump -i ppp0 -n net 192.168.0.0/16" I do see packets leaving ppp0, "unNAT'ed":
21:14:55.974633 IP 192.168.5.109.49458 > 17.152.19.51.443: Flags [F.], seq 1404846587, ack 269222910, win 16384, options [nop,nop,sack 1 {4381:5764}], length 0
21:14:56.990586 IP 192.168.5.109.49458 > 17.152.19.51.443: Flags [F.], seq 0, ack 1, win 16384, options [nop,nop,sack 1 {4381:5764}], length 0
21:14:58.713042 IP 192.168.5.109.49458 > 17.152.19.51.443: Flags [F.], seq 0, ack 1, win 16384, options [nop,nop,sack 1 {4381:5764}], length 0
21:15:02.258076 IP 192.168.5.109.49458 > 17.152.19.51.443: Flags [F.], seq 0, ack 1, win 16384, options [nop,nop,sack 1 {4381:5764}], length 0
21:17:13.711341 IP 192.168.5.109.49458 > 17.152.19.51.443: Flags [F.], seq 0, ack 1, win 16384, options [nop,nop,sack 1 {4381:5764}], length 0
I also can't access certain sites using https, like freelancer.com and iTunes from my iPhone (eth2 via wireless).
This used to work. In between I have upgraded to linux-image-
I haven't backtracked the kernels to a working one yet - working on that atm.
affects: iptables (Ubuntu) → linux (Ubuntu)
information type: Public Security → Public
Changed in linux (Ubuntu):
importance: Undecided → Medium
I am tagging it as a security issue since this can leak private subnet information
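
A check for the symptom reported above, as an added example that is not part of the original report: it reads `tcpdump -n` output captured on the WAN interface and counts, per flow, the packets whose source is still an RFC 1918 address. The function names and the last sample line are constructed for illustration; the first three sample lines are from the capture in the report.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 ranges that should never appear as a source address on the WAN side.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# tcpdump -n IPv4 TCP/UDP line: "<time> IP <src>.<sport> > <dst>.<dport>: <rest>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$")
FLAGS_RE = re.compile(r"Flags \[([^\]]*)\]")

def is_private(addr):
    """True if addr falls inside one of the RFC 1918 networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

def find_leaks(lines):
    """Count un-NAT'ed packets, keyed by (src, sport, dst, dport, tcp_flags)."""
    leaks = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not is_private(m["src"]):
            continue  # unparsed line, or source address already translated
        f = FLAGS_RE.search(m["rest"])
        flags = f.group(1) if f else ""  # empty for non-TCP lines
        leaks[(m["src"], int(m["sport"]), m["dst"], int(m["dport"]), flags)] += 1
    return leaks

# Lines 1-3: from the report's capture on ppp0.
# Line 4: constructed, shows a correctly translated packet (documentation address).
SAMPLE = """\
21:14:55.974633 IP 192.168.5.109.49458 > 17.152.19.51.443: Flags [F.], seq 1404846587, ack 269222910, win 16384, options [nop,nop,sack 1 {4381:5764}], length 0
21:14:56.990586 IP 192.168.5.109.49458 > 17.152.19.51.443: Flags [F.], seq 0, ack 1, win 16384, options [nop,nop,sack 1 {4381:5764}], length 0
21:14:58.713042 IP 192.168.5.109.49458 > 17.152.19.51.443: Flags [F.], seq 0, ack 1, win 16384, options [nop,nop,sack 1 {4381:5764}], length 0
21:15:03.000001 IP 203.0.113.7.49460 > 17.152.19.51.443: Flags [S], seq 100, win 65535, length 0
"""

if __name__ == "__main__":
    for (src, sport, dst, dport, flags), n in find_leaks(SAMPLE.splitlines()).items():
        print(f"LEAK {src}:{sport} -> {dst}:{dport} flags=[{flags}] packets={n}")
```

Grouping by TCP flags makes it visible when the leaked packets are all of one kind, as in the report's capture where every line is a `[F.]` segment from the same flow.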