Re: 2.6.11, pppoe, iptables

To: debian-powerpc@lists.debian.org
Subject: Re: 2.6.11, pppoe, iptables
From: Cedric Pradalier <cedric.pradalier@inrialpes.fr>
Date: Thu, 19 May 2005 22:14:55 +1100
Message-id: <[🔎] 20050519221455.3cb57e85.cedric.pradalier@inrialpes.fr>
In-reply-to: <20050422083347.03e8529c.cedric.pradalier@inrialpes.fr>
References: <20050422083347.03e8529c.cedric.pradalier@inrialpes.fr>

According to Cedric Pradalier, on Fri, 22 Apr 2005 08:33:47
+1000, 
>Hi all,
>
>is there anybody out there using a kernel >= 2.6.10, with a
>pppoe connection to internet and a firewall with iptables,
>defined by hand or with firestarter ? (my machine is an
>ibook2.2, but I don't think this is relevant here).
>
>I'd really like to know if I'm the only one having problem
>with this configuration. If this is a kernel bug, or my
>configuration's bug? Especially, if someone has this kind
>of setup working, I'd like to compare our configs.
>
>On my machine, I'm stuck with 2.6.8 since any newer kernel
>(custom build or debian), with the firewall on, will fail
>to let TCP packet enter my machine.
>

Some more infos on this problem, 

I've now tracked down the problem and I found out the rule
that make my firewall useless: with 2.6.11.6-powerpc, any
packet matches a rule with 
"-m state --state INVALID" 
flags which apparently is setup by ip_conntrack.
And I've checked with 2.6.8, this has definitely been
introduced afterward.

It is independent of iptables 1.2 or 1.3.1

I'm wondering what is so special in my configuration that
I'm the only one to experience that.

If you think this question is not relevant to debian-ppc,
can someone please advise another list to try, or which
package to bugreport to.

Thanks again.

Cedric

Reply to:

Prev by Date: Fwd: stepping down ibook g3
Next by Date: Re: MOL
Previous by thread: Re: stepping down ibook g3
Next by thread: Re: 2.6.11, pppoe, iptables
Index(es):
- Date
- Thread