[Touch-packages] [Bug 1917920] Re: magic-proxy broke with iptables 1.8.7-1ubuntu2

Fri, 07 May 2021 08:47:02 -0700 

This bug was fixed in the package livecd-rootfs - 2.721

---------------
livecd-rootfs (2.721) impish; urgency=medium

  [ Dimitri John Ledkov ]
  * 999-cpc-fixes: enable more code on grub2 armhf & arm64 (LP: #1925780)
  * Add support for generic preinstalled images. LP: #1923832
  * Change iptables calls, to query rules and quickly check that
    connectivity works after transparent proxy has been installed. LP:
    #1917920
  * magic-proxy: replace http.client with urllib calls
  * buildd: Re-enable merged /usr by default, as it is now required

  [ Michael Hudson-Doyle ]
  * remove the workaround for bug #1893818

  [ Ɓukasz 'sil2100' Zemczak ]
  * Start using the ubuntu-server-raspi seeds for preinstalled raspi server
    images, similarly to how it's done for desktop-preinstalled images.
  * Drop the unused imx6 support.

 -- Dimitri John Ledkov <x...@ubuntu.com>  Wed, 05 May 2021 19:08:21
+0100

** Changed in: livecd-rootfs (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1917920

Title:
  magic-proxy broke with iptables 1.8.7-1ubuntu2

Status in launchpad-buildd:
  New
Status in iptables package in Ubuntu:
  New
Status in livecd-rootfs package in Ubuntu:
  Fix Released
Status in lxd package in Ubuntu:
  New

Bug description:
  when iptables got upgraded from 1.8.5-3ubuntu4 to 1.8.7-1ubuntu2 magic
  proxy stopped working in livecd-rootfs.

  It does very simple thing:

  iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner
  daemon -j REDIRECT --to 8080

  inside hirsute lxd container, with quite high privileges, in a bionic
  VM, running 4.15 kernel.

  With 1.8.5 above worked fine, with 1.8.7 somehow there was no outbound
  connectivity the very first http networking command after the above
  call would just hang indefinitely.

  However, if one does this instead:

  iptables -vv -t nat -S
  iptables-legacy -vv -t nat -S
  iptables -vv -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner daemon 
-j REDIRECT --to 8080

  somehow magically everything starts to work fine.

  weird.

To manage notifications about this bug go to:
https://bugs.launchpad.net/launchpad-buildd/+bug/1917920/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to