Linux Netfilter discussions
From: Frank <oldcurmudgeon@gmail.com>
To: netfilter@lists.netfilter.org
Subject: Converting iptables firewall from 2.4 to 2.6 kernel
Date: Wed, 30 Mar 2005 15:42:44 -0600
Message-ID: <803aaa1105033013425a3c2bc9@mail.gmail.com>

I tried upgrading a Debian stable firewall to sarge.  That part went
fine, but when I tried upgrading the locally-built 2.4.19 kernel to
2.6.11.5 the results were not as expected.
   The first (and easily fixed) problem was that eth0 and eth1 were
reversed.  At least I verified that my anti-spoofing rules worked.
After swapping the cables, the firewall could connect to internal and
external machines, internal hosts could connect to the firewall,
external hosts could connect to the firewall, internal hosts could send
packets to external hosts, but packets from outside hosts to inside
hosts never crossed to the inside.
   Running tcpdump on both interfaces shows packets from outside hosts
to inside hosts hit the external interface but never appear on the
internal interface, whether it is an initial connection from outside or
a reply packet to a packet initiated on the inside.
   I'm using the same scripts to set routes, ip_forward, rp_filter, and
proxy_arp.  The only thing changing is the kernel (and both have
iptables support built in, not as modules).
   Did the locations of things in proc change in 2.6, or any other ideas
on how to debug this?  Iptables version is now 1.2.4, it was 1.2 before.
Booting back into the 2.4 kernel (and swapping the cables) makes it work
properly, so the only variable now is the kernel version (i.e., it all
works fine with the 2.4 kernel and all the new sarge utilities/libraries,
etc.).

Thanks,
Frank

