Re: 2.6.11, pppoe, iptables
I also encountered the same problem as Cedric: iptables drops
all TCP traffic, either with firestarter or when started manually.
My setup (ibook 2.2, PPPoE, kernel 2.6.10, hoary) is also very
similar to his.
As Cedric's post is the only one that my frantic googling turned
up, and our setups are almost identical, I suspect the problem
could very well be debian-powerpc specific.
Cedric Pradalier wrote:
> According to Cedric Pradalier, on Fri, 22 Apr 2005 08:33:47
> +1000,
> >Hi all,
> >
> >is there anybody out there using a kernel >= 2.6.10, with a
> >pppoe connection to internet and a firewall with iptables,
> >defined by hand or with firestarter ? (my machine is an
> >ibook2.2, but I don't think this is relevant here).
> >
> >I'd really like to know if I'm the only one having problem
> >with this configuration. If this is a kernel bug, or my
> >configuration's bug? Especially, if someone has this kind
> >of setup working, I'd like to compare our configs.
> >
> >On my machine, I'm stuck with 2.6.8 since any newer kernel
> >(custom build or debian), with the firewall on, will fail
> >to let TCP packet enter my machine.
> >
>
> Some more infos on this problem,
>
> I've now tracked down the problem and I found out the rule
> that make my firewall useless: with 2.6.11.6-powerpc, any
> packet matches a rule with
> "-m state --state INVALID"
> flags which apparently is setup by ip_conntrack.
> And I've checked with 2.6.8, this has definitely been
> introduced afterward.
>
> It is independent of iptables 1.2 or 1.3.1
>
> I'm wondering what is so special in my configuration that
> I'm the only one to experience that.
>
> If you think this question is not relevant to debian-ppc,
> can someone please advise another list to try, or which
> package to bugreport to.
>
> Thanks again.
>
> Cedric
--
roi
Reply to: