Strange Network/Firewall problem
Hello,
I use a vanilla Kernel 2.6.14.3 and 2.6.15.1. When I connect to the
Internet with pppoe (ADSL), an iptables state rule works only under the
following condition:
2.6.14.3 + driver sk98lin: everything ok
2.6.14.3 + driver skge: rule not working
2.6.15.1 + driver sk98lin: rule not working
2.6.15.1 + driver skge: rule not working
The iptables rules:
0 0 ACCEPT all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
68 5033 LOG all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW LOG flags 0 level 4 prefix `denied:'
68 5033 DROP all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
is called by:
iptables -A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
When I remove all INPUT rules, then everything works, but it makes no sense
without a firewall ;-)
When I ping a machine on the Internet, I see the following result in tcpdump:
19:35:24.866434 IP 21x.8x.7x.7x > 21x.18x.14x.10x: ICMP echo request, id 46871, seq 1536, length 64
19:35:24.898032 IP 21x.18x.14x.10x > 21x.8x.7x.7x: ICMP echo reply, id 46871, seq 1536, length 64
But in the log I see the following:
Jan 25 19:35:24 speedy kernel: denied: IN=ppp0 OUT= MAC= SRC=21x.18x.14x.10x DST=21x.8x.7x.7x LEN=84 TOS=0x00 PREC=0x00 TTL=58 ID=11184 PROTO=ICMP TYPE=0 CODE=0 ID=46871 SEQ=1536
My question: Why is this packet not accepted by the ACCEPT state rule
with the 2.6.15 kernel?
My network card:
0000:02:0b.0 0200: 11ab:4320 (rev 13)
Subsystem: 1458:e000
Flags: bus master, 66MHz, medium devsel, latency 64, IRQ 217
Memory at ed000000 (32-bit, non-prefetchable) [size=16K]
I/O ports at ac00 [size=256]
Expansion ROM at ee020000 [disabled] [size=128K]
Capabilities: [48] Power Management version 2
Capabilities: [50] Vital Product Data
0000:02:0b.0 Ethernet controller: Marvell Technology Group Ltd. 88E8001 Gigabit Ethernet Controller (rev 13)
The network card works normally on the local bus, but the ACCEPT
state rule is also not working on the LAN.
Any ideas?
Best Regards
Stefan Luethje
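
The check described in the post (an echo reply visible in tcpdump that still shows up under the `denied:` log prefix) can be automated; the following is an added example, not part of the original message. The sample capture and log lines are constructed from the post's format using documentation addresses, and the function names are hypothetical.

```python
import re

# Constructed sample data modelled on the post; addresses are documentation ranges.
TCPDUMP = """\
19:35:24.866434 IP 192.0.2.10 > 198.51.100.20: ICMP echo request, id 46871, seq 1536, length 64
19:35:24.898032 IP 198.51.100.20 > 192.0.2.10: ICMP echo reply, id 46871, seq 1536, length 64
"""
KLOG = """\
Jan 25 19:35:24 speedy kernel: denied: IN=ppp0 OUT= MAC= SRC=198.51.100.20 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=58 ID=11184 PROTO=ICMP TYPE=0 CODE=0 ID=46871 SEQ=1536
Jan 25 19:35:30 speedy kernel: denied: IN=ppp0 OUT= MAC= SRC=203.0.113.5 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=4021 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
"""

REQ_RE = re.compile(r"IP (\S+) > (\S+): ICMP echo request, id (\d+), seq (\d+)")


def sent_requests(tcpdump_text):
    """Return the set of (src, dst, icmp_id, seq) for echo requests in the capture."""
    return {(m[1], m[2], int(m[3]), int(m[4])) for m in REQ_RE.finditer(tcpdump_text)}


def parse_log_line(line):
    """Parse KEY=VALUE fields of a netfilter LOG line. ID occurs twice (IP header
    ID first, ICMP echo id second), so every value is kept in a list."""
    fields = {}
    for key, value in re.findall(r"(\w+)=(\S*)", line):
        fields.setdefault(key, []).append(value)
    return fields


def misclassified_replies(tcpdump_text, klog_text, prefix="denied:"):
    """Return logged ICMP echo replies (TYPE=0) that answer a request we sent,
    i.e. packets the state match treated as INVALID/NEW instead of ESTABLISHED."""
    requests = sent_requests(tcpdump_text)
    hits = []
    for line in klog_text.splitlines():
        if prefix not in line:
            continue
        f = parse_log_line(line)
        if f.get("PROTO") != ["ICMP"] or f.get("TYPE") != ["0"]:
            continue
        # The reply travels in the reverse direction of the request.
        key = (f["DST"][0], f["SRC"][0], int(f["ID"][-1]), int(f["SEQ"][0]))
        if key in requests:
            hits.append(key)
    return hits
```

An empty result means every denied packet was unsolicited; any hit is a reply to our own traffic that connection tracking failed to associate with its request.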