touch-packages team mailing list archive

[Bug 1492837] [NEW] iptables nat prerouting slight problem with adapter aliases

 

Public bug reported:

There seems to be a slight problem with iptables + adapter aliases.

Take the alias eth0:1 for example...

ifconfig eth0:1
eth0:1    Link encap:Ethernet  HWaddr 00:25:90:eb:cb:ae  
          inet addr:158.69.167.64  Bcast:158.69.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

1) This rule works + seems incorrect (notice -i rather than -i eth0:1)

       iptables -w -t nat -A PREROUTING -i eth0 -p tcp --dst 158.69.167.64 --dport 80 -j DNAT --to 10.0.3.189:80

2) This rule fails + seems correct (notice -i eth0:1)

       iptables -w -t nat -A PREROUTING -i eth0:1 -p tcp --dst 158.69.167.64 --dport 80 -j DNAT --to 10.0.3.189:80

In #2 the rule is consumed without generating any error.

Seems like either eth0:1 should be accepted + should work or should
generate an error.

The iptables man page says -i is the "Name of an interface via which a
packet was received" so I'm guessing anytime -i is passed with an alias,
then the correct action is to either generate an error + die or better
generate a warning that the alias has been converted to the base
interface (any :\d+ has been stripped).

This is a low priority item + at the same time can suck a huge amount of
time debugging.

** Affects: iptables (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1492837
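
An added example, not part of the original report or of iptables itself: -i/-o compare against the name of the device a packet crossed, and an alias such as eth0:1 is only an address label on eth0, so a rule naming the alias is accepted but never matches. The check below scans an iptables-save style dump for such arguments before the ruleset is loaded; the function names and the sample ruleset are constructed for illustration (addresses taken from the report).

```shell
#!/bin/sh
# Print "<line> <flag> <alias> <base>" for every -i/-o argument in an
# iptables-save style dump (stdin) that names an alias instead of a device.
find_alias_rules() {
    awk '
    /^-A / {
        for (i = 1; i < NF; i++) {
            if ($i == "-i" || $i == "-o" ||
                $i == "--in-interface" || $i == "--out-interface") {
                name = $(i + 1)
                # Alias label: base device name, a colon, then a suffix.
                if (name ~ /^[^:]+:[^:]+$/) {
                    base = name
                    sub(/:.*/, "", base)
                    printf "%d %s %s %s\n", NR, $i, name, base
                }
            }
        }
    }'
}

# Gate for a ruleset: returns 1 and explains each hit on stderr. A plain match
# on an alias never fires; a negated one ("! -o eth0:2") always fires.
check_ruleset() {
    hits=$(find_alias_rules)
    if [ -z "$hits" ]; then return 0; fi
    echo "$hits" | while read -r line flag label base; do
        echo "line $line: $flag $label is an alias, use $base with -d/-s" >&2
    done
    return 1
}

# Constructed sample (addresses from the report, iptables-save syntax).
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 158.69.167.64/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.3.189:80
-A PREROUTING -d 158.69.167.64/32 -i eth0:1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.3.189:80
-A POSTROUTING ! -o eth0:2 -j MASQUERADE
COMMIT
EOF
}

sample_rules | find_alias_rules
```

On a live host the same check can be fed from iptables-save; the destination address match (--dst, as in rule 1 of the report) is what selects traffic for the aliased address.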
