touch-packages team mailing list archive
Message #100816
[Bug 1492837] Re: iptables nat prerouting slight problem with adapter aliases
By "works" I mean packets forward correctly only when the base adapter
is used (no :\d+), so aliases quietly drop packets.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1492837
Title:
  iptables nat prerouting slight problem with adapter aliases
Status in iptables package in Ubuntu:
  New
Bug description:
There seems to be a slight problem with iptables + adapter aliases.
Take the alias eth0:1 for example...
    ifconfig eth0:1
    eth0:1    Link encap:Ethernet  HWaddr 00:25:90:eb:cb:ae
              inet addr:158.69.167.64  Bcast:158.69.255.255  Mask:255.255.0.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
1) This rule works + seems incorrect (notice -i rather than -i eth0:1)

    iptables -w -t nat -A PREROUTING -i eth0 -p tcp --dst 158.69.167.64 --dport 80 -j DNAT --to 10.0.3.189:80

2) This rule fails + seems correct (notice -i eth0:1)

    iptables -w -t nat -A PREROUTING -i eth0:1 -p tcp --dst 158.69.167.64 --dport 80 -j DNAT --to 10.0.3.189:80

In #2 the rule is consumed without generating any error.
Seems like either eth0:1 should be accepted + should work or should
generate an error.
The iptables man page says -i is the "Name of an interface via which a
packet was received" so I'm guessing anytime -i is passed with an
alias, then the correct action is to either generate an error + die or
better generate a warning that the alias has been converted to the
base interface (any :\d+ has been stripped).
This is a low priority item + at the same time can suck a huge amount
of time debugging.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1492837/+subscriptions
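
A check for the failure described in this report, as an added example that is not part of the original message or of the iptables project: it scans iptables-save output for -i/-o arguments of the form name:digits, which the report shows are accepted without error yet never forward packets, and names the base interface to match on instead. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit iptables-save output for -i/-o matches on alias labels.

# find_alias_rules: read iptables-save text on stdin; for every rule whose
# -i/-o/--in-interface/--out-interface argument looks like an alias label
# (name:digits), print "table|flag|alias|base-interface|rule".
find_alias_rules() {
    awk '
        /^\*/ { table = substr($0, 2); next }      # "*nat" starts a table
        /^-A / {
            for (i = 1; i < NF; i++) {
                if ($i ~ /^(-i|-o|--in-interface|--out-interface)$/ &&
                    $(i + 1) ~ /^[^:]+:[0-9]+$/) {
                    base = $(i + 1); sub(/:[0-9]+$/, "", base)
                    printf "%s|%s|%s|%s|%s\n", table, $i, $(i + 1), base, $0
                }
            }
        }'
}

# Constructed sample in iptables-save format, built from the two rules in the report.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 158.69.167.64/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.3.189:80
-A PREROUTING -d 158.69.167.64/32 -i eth0:1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.3.189:80
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

# Report each suspect rule with the base interface to use instead.
audit() {
    find_alias_rules | while IFS='|' read -r table flag alias base rule; do
        echo "[$table] $flag $alias is an alias label; match on $flag $base plus the address instead: $rule"
    done
}

# Live use (needs root): iptables-save | audit
sample_ruleset | audit
```

Matching on the base interface together with the destination address, as rule 1 in the report does, keeps the rule specific to the aliased address.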