Package: iptables
Version: 1.4.11.1-2
Severity: important

I have encountered a problem with iptables and kernels older than 2.6.39.
I manage firewall rules with shorewall, and I have rules to redirect
outgoing HTTP traffic to a transparent proxy server. An example of such a
rule in shorewall is:

HTTP(DNAT) lan dmz:$PROXY:3129 - - - !$PROXY_BYPASS

The server is running the following kernel package:

ii linux-image-2.6.38-2-amd64 2.6.38-3 Linux 2.6.38 for 64-bit PCs

Running 'iptables -L -n' shows the following rule (white-space compacted):

~excl0 tcp -- 0.0.0.0/0 10.128.6.3 tcp dpt:3129 ctorigdstport 20480 /* HTTP */

The 20480 value assigned to the ctorigdstport parameter is incorrect. This
should be 80.

I created a virtual machine to reproduce the problem and found that it
happened with a 2.6.32 and 2.6.38 kernel. But once I booted it into the
2.6.39 kernel, all was fine.

-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash

Versions of packages iptables depends on:
ii libc6 2.13-7 Embedded GNU C Library: Shared lib
ii libnfnetlink0 1.0.0-1 Netfilter netlink library

iptables recommends no packages.

iptables suggests no packages.

-- no debconf information
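
Added example, not part of the original report: 20480 is 0x5000, which is 80 (0x0050) with its two bytes exchanged, so the listed value is consistent with a byte-order mix-up (an inference from the number; the report does not state the cause). The Python script below scans 'iptables -L -n' output for conntrack port matches that look byte-swapped. The function names, the second sample line, the lo:hi range format and the below-1024 heuristic are assumptions of this example.

```python
import re

# Constructed sample: line 1 is the rule quoted in the report, line 2 is the
# same rule as the reporter says it should read (port 80).
SAMPLE_LISTING = """\
~excl0 tcp -- 0.0.0.0/0 10.128.6.3 tcp dpt:3129 ctorigdstport 20480 /* HTTP */
~excl0 tcp -- 0.0.0.0/0 10.128.6.3 tcp dpt:3129 ctorigdstport 80 /* HTTP */
"""

# conntrack port matches as they appear in the listing. A port range is
# assumed to print as lo:hi (assumption; the report shows single ports only).
CT_PORT = re.compile(r"\b(ct(?:orig|repl)(?:src|dst)port)\s+(\d+)(?::(\d+))?")


def swap16(port):
    """Return the 16-bit value with its two bytes exchanged."""
    return ((port & 0xFF) << 8) | (port >> 8)


def suspect_ports(listing, low_port_limit=1024):
    """Return [(line_no, option, shown, swapped)] for ports that look swapped.

    Heuristic (an assumption of this example): a displayed port at or above
    low_port_limit whose byte-swapped form is a non-zero port below it is
    more likely a swapped low port than a value someone configured.
    """
    findings = []
    for line_no, line in enumerate(listing.splitlines(), start=1):
        for match in CT_PORT.finditer(line):
            option = match.group(1)
            for text in (match.group(2), match.group(3)):
                if text is None:
                    continue  # single port, no upper bound
                shown = int(text)
                if shown > 0xFFFF:
                    continue  # not a valid port, leave it to other checks
                swapped = swap16(shown)
                if shown >= low_port_limit and 0 < swapped < low_port_limit:
                    findings.append((line_no, option, shown, swapped))
    return findings


if __name__ == "__main__":
    for line_no, option, shown, swapped in suspect_ports(SAMPLE_LISTING):
        print(f"line {line_no}: {option} {shown} may be port {swapped} byte-swapped")
```

A hit is only a prompt to compare the listing against the rule source (here the shorewall rule) on the affected kernel.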