bugzilla-daemon@bugzilla.netfilter.org
2006-Jan-25 12:55 UTC
[Bug 400] connection tracking does not work on VLANs if underlying interface is a bridge
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=400

------- Additional Comments From kaber@trash.net 2006-01-25 12:55 MET -------
Please add a LOG rule to PRE_ROUTING in the mangle table and post the output.

BTW, are you using hardware checksumming (check with ethtool) on the underlying ethernet device?

--
Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon@bugzilla.netfilter.org
2006-Jan-30 18:31 UTC
[Bug 400] connection tracking does not work on VLANs if underlying interface is a bridge
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=400

------- Additional Comments From schulz@schwaar.com 2006-01-30 18:31 MET -------
Different "--log-prefix" of the rules (see below):
'P ' <=> PREROUTING
'1 ' <=> line 1 of INPUT
'3 ' <=> line 3 of INPUT
'5 ' <=> line 5 of INPUT
'O ' <=> line 1 of OUTPUT

Log of 'echo -e "GET / HTTP/1.0\n\n"|netcat 213.95.27.115 80' is attached (LOG20060130).

roadwarrior:~# iptables -t mangle -L -nv
Chain PREROUTING (policy ACCEPT 34386 packets, 28M bytes)
 pkts bytes target  prot opt in        out       source     destination
 1230  467K LOG     all  --  *         *         0.0.0.0/0  0.0.0.0/0    LOG flags 0 level 4 prefix `P '

roadwarrior:~# iptables -L INPUT -nv
Chain INPUT (policy ACCEPT 63075 packets, 38M bytes)
 pkts bytes target  prot opt in        out       source     destination
   19  2284 LOG     all  --  vlan0075  *         0.0.0.0/0  0.0.0.0/0    LOG flags 0 level 4 prefix `1 '
   10  1828 ACCEPT  all  --  vlan0075  *         0.0.0.0/0  0.0.0.0/0    state RELATED,ESTABLISHED
    9   456 LOG     all  --  vlan0075  *         0.0.0.0/0  0.0.0.0/0    LOG flags 0 level 4 prefix `3 '
   21   976 ACCEPT  tcp  --  vlan0075  *         0.0.0.0/0  0.0.0.0/0    tcp flags:!0x17/0x02
    5   232 LOG     all  --  vlan0075  *         0.0.0.0/0  0.0.0.0/0    LOG flags 0 level 4 prefix `5 '
    0     0 ACCEPT  udp  --  vlan0075  *         0.0.0.0/0  0.0.0.0/0    udp dpts:32768:61000
    1    28 ACCEPT  icmp --  vlan0075  *         0.0.0.0/0  0.0.0.0/0
  113 24549 DROP    all  --  vlan0075  *         0.0.0.0/0  0.0.0.0/0

roadwarrior:~# iptables -L OUTPUT -nv
Chain OUTPUT (policy ACCEPT 32727 packets, 2963K bytes)
 pkts bytes target  prot opt in        out       source     destination
   21  1241 LOG     all  --  *         vlan0075  0.0.0.0/0  0.0.0.0/0    LOG flags 0 level 4 prefix `O '

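Added example (not part of the original report): a Python sketch that groups kernel LOG lines by packet under the prefix scheme above and reports, for each packet received on vlan0075, whether the state RELATED,ESTABLISHED rule accepted it or it fell through to the '3 ' LOG rule. The log lines, the client address 192.0.2.10, the hostname and the function names are constructed for illustration; the attached log is not reproduced here.

```python
import re
from collections import defaultdict

# Constructed, shortened lines in ipt_LOG format. Prefixes follow the report:
# 'P ' = mangle PREROUTING, '1 '/'3 '/'5 ' = INPUT lines 1/3/5, 'O ' = OUTPUT.
SAMPLE_LOG = """\
Jan 30 18:20:01 host kernel: O IN= OUT=vlan0075 SRC=192.0.2.10 DST=213.95.27.115 LEN=60 TTL=64 ID=5120 DF PROTO=TCP SPT=32770 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 30 18:20:01 host kernel: P IN=vlan0075 OUT= SRC=213.95.27.115 DST=192.0.2.10 LEN=60 TTL=52 ID=0 DF PROTO=TCP SPT=80 DPT=32770 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Jan 30 18:20:01 host kernel: 1 IN=vlan0075 OUT= SRC=213.95.27.115 DST=192.0.2.10 LEN=60 TTL=52 ID=0 DF PROTO=TCP SPT=80 DPT=32770 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Jan 30 18:20:01 host kernel: 3 IN=vlan0075 OUT= SRC=213.95.27.115 DST=192.0.2.10 LEN=60 TTL=52 ID=0 DF PROTO=TCP SPT=80 DPT=32770 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Jan 30 18:20:02 host kernel: P IN=vlan0075 OUT= SRC=213.95.27.115 DST=192.0.2.10 LEN=512 TTL=52 ID=4711 DF PROTO=TCP SPT=80 DPT=32770 WINDOW=5792 RES=0x00 ACK PSH URGP=0
Jan 30 18:20:02 host kernel: 1 IN=vlan0075 OUT= SRC=213.95.27.115 DST=192.0.2.10 LEN=512 TTL=52 ID=4711 DF PROTO=TCP SPT=80 DPT=32770 WINDOW=5792 RES=0x00 ACK PSH URGP=0
"""

LINE_RE = re.compile(r"kernel: ([P135O]) (IN=.*)$")

def parse(line):
    """Split one LOG line into (prefix, KEY=value fields, bare flag tokens)."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    tokens = m.group(2).split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    flags = frozenset(t for t in tokens if "=" not in t)
    return m.group(1), fields, flags

def trace_input(log_text, iface="vlan0075"):
    """Map each packet received on iface to how far it got through INPUT."""
    reached = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed is None or parsed[1].get("IN") != iface:
            continue  # not a LOG line, or not received on the VLAN
        prefix, f, flags = parsed
        key = (f.get("SRC"), f.get("SPT"), f.get("DPT"), f.get("ID"),
               " ".join(sorted(flags - {"DF"})))
        reached[key].add(prefix)
    verdicts = {}
    for key, prefixes in reached.items():
        if "3" in prefixes:    # got past INPUT line 2, so the state match failed
            verdicts[key] = "fell through state RELATED,ESTABLISHED"
        elif "1" in prefixes:  # logged at line 1, never at line 3
            verdicts[key] = "accepted as RELATED,ESTABLISHED"
        else:
            verdicts[key] = "logged in PREROUTING only"
    return verdicts

if __name__ == "__main__":
    for packet, verdict in trace_input(SAMPLE_LOG).items():
        print(packet, "->", verdict)
```

A reply packet carrying ACK that still reaches the '3 ' rule was not classified as part of an established connection, which is the symptom this bug describes.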
bugzilla-daemon@bugzilla.netfilter.org
2006-Jan-30 18:33 UTC
[Bug 400] connection tracking does not work on VLANs if underlying interface is a bridge
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=400

------- Additional Comments From schulz@schwaar.com 2006-01-30 18:33 MET -------
Created an attachment (id=204)
--> (https://bugzilla.netfilter.org/bugzilla/attachment.cgi?id=204&action=view)
log of today's test

bugzilla-daemon@bugzilla.netfilter.org
2006-Jan-31 17:15 UTC
[Bug 400] connection tracking does not work on VLANs if underlying interface is a bridge
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=400

------- Additional Comments From schulz@schwaar.com 2006-01-31 17:15 MET -------
I forgot to answer yesterday:

> BTW, are you using hardware checksumming (check with ethtool) on the underlying ethernet device?

I don't think so. This is an Apple UniNorth GMAC (Sun GEM). I use "sungem.ko".
'ethtool -k' says 'Operation not supported'

bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-17 09:31 UTC
[Bug 400] connection tracking does not work on VLANs if underlying interface is a bridge
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=400

------- Additional Comments From kaber@trash.net 2006-02-17 09:31 MET -------
Looking at the source, it uses HW checksum unconditionally. Please try
"echo 255 >/proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid"
after loading the ipt_LOG module and post the output, if any. Thanks.

bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-20 05:35 UTC
[Bug 400] connection tracking does not work on VLANs if underlying interface is a bridge
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=400

------- Additional Comments From kaber@trash.net 2006-02-20 05:35 MET -------
It could also be related to the bridge-netfilter deferred-hook calling hacks. This is more likely than HW-checksums. If you have CONFIG_BRIDGE_NETFILTER enabled, please try disabling it.