Your message dated Sat, 25 Jul 2009 19:20:53 +0100
with message-id <[email protected]>
and subject line ipmasq has been removed from Debian, closing #496036
has caused the Debian Bug report #496036,
regarding ipmasq: DROP Multicast DNS on virtual external interfaces
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
496036: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496036
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ipmasq
Version: 4.0.8-5
Severity: normal
I have the following dropped-packet log:
Aug 22 04:33:17 My kernel: [330025.308200] IN=eth0 OUT= MAC= SRC=192.168.1.13 DST=224.0.0.251 LEN=93 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=73
with the following configuration:
r...@my:~# ipmasq -d
#: Interfaces found:
#: eth0 192.168.1.5/255.255.255.192
#: eth0:0 192.168.1.13/255.255.255.192
#: eth0 192.168.1.5/255.255.255.192
#: eth0:0 192.168.1.13/255.255.255.192
...
#: Accept dumb broadcast packets on external interfaces
/sbin/iptables -A INPUT -j ACCEPT -i eth0 -d 255.255.255.255/32
/sbin/iptables -A INPUT -j ACCEPT -i eth0 -d 255.255.255.255/32
#: Accept incoming packets from external networks on external interfaces
/sbin/iptables -A INPUT -j ACCEPT -i eth0 -d 192.168.1.5/32
/sbin/iptables -A INPUT -j ACCEPT -i eth0 -d 192.168.1.63/32
/sbin/iptables -A INPUT -j ACCEPT -i eth0 -d 192.168.1.13/32
/sbin/iptables -A INPUT -j ACCEPT -i eth0 -d 192.168.1.63/32
r...@my:~# dpkg -l avahi-daemon
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Nome Versione Descrizione
+++-==============-==============-============================================
ii avahi-daemon 0.6.23-2 Avahi mDNS/DNS-SD daemon
Obviously the problem is with multicast-dns outgoing packets from
virtual external interface eth0:0 incoming into external interface
eth0.
These packets are generated by avahi-daemon. The following command
shows the problem:
r...@my~:# /etc/init.d/avahi-daemon restart
Restarting Avahi mDNS/DNS-SD Daemon: avahi-daemon.
I have more than 1 external IP address on the public interface.
A solution is to accept packets generated by the system itself.
I suggest adding to O90extbcast.def or to a new rule
(D90extmcast.def) something to mark local outgoing mdns packets:
for i in $EXTERNAL_OUT; do
    ipnm_cache $i
    $IPTABLES -t mangle -A OUTPUT -j MARK --set-mark 5353 -o ${i%%:*} \
        -s $IPOFIF/32 -d 224.0.0.251 -p udp --sport 5353 --dport 5353
done
and accept them in the INPUT filter rules. I suggest adding to
I90extbcast.def or to a new rule (I90mcast.def) something like:
for i in $EXTERNAL_IN; do
    [ "$i" != "${i%%:*}" ] && continue
    $IPTABLES -A INPUT -j ACCEPT -i ${i%%:*} -m mark --mark 5353
done
I don't know avahi-daemon or Multicast DNS so I don't know whether it's
a good solution or whether there are other solutions.
Thank you, Guido Bozzetto.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (560, 'testing'), (550, 'testing'), (545,
'testing-proposed-updates'), (460, 'stable'), (445, 'proposed-updates'), (440,
'stable'), (50, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: lang=it...@euro, lc_ctype=it...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages ipmasq depends on:
ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy
ii iptables 1.4.1.1-2 administration tools for packet fi
ipmasq recommends no packages.
Versions of packages ipmasq suggests:
pn bridge-utils <none> (no description available)
ii mc 2:4.6.2~git20080311-3 midnight commander - a powerful fi
ii oidentd 2.0.8-1.2 replacement ident daemon
-- debconf information:
ipmasq/external-rules-moved: true
* ipmasq/start-location: After network interfaces are brought up
ipmasq/dpkg-conffiles:
* ipmasq/ppp-turn-off:
ipmasq/old-ipmasq.conf: true
ipmasq/old-rc.boot-file: true
* ipmasq/start: true
ipmasq/ppp-turn-on:
ipmasq/move-ipmasq.rules: true
* ipmasq/ppp-recompute: true
--- End Message ---
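
Added example, not part of the original report or of ipmasq: a Python triage of the logged packet against the ACCEPT rules shown in the report, which finds no matching rule and flags the packet as the host's own mDNS traffic. The function names and the rule model (interface plus destination only) are assumptions made for the illustration.

```python
import ipaddress
import re

# Kernel log line from the report, joined onto one line.
LOG_LINE = ("Aug 22 04:33:17 My kernel: [330025.308200] IN=eth0 OUT= MAC= "
            "SRC=192.168.1.13 DST=224.0.0.251 LEN=93 TOS=0x00 PREC=0x00 TTL=255 "
            "ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=73")
# Destination-based INPUT ACCEPT rules shown in the report's `ipmasq -d` output
# as (interface, destination); rules the report elides with "..." are not modelled.
ACCEPT_RULES = [("eth0", "255.255.255.255/32"), ("eth0", "192.168.1.5/32"),
                ("eth0", "192.168.1.63/32"), ("eth0", "192.168.1.13/32")]
# Addresses configured on eth0 and eth0:0 in the report.
LOCAL_ADDRS = {"192.168.1.5", "192.168.1.13"}
MDNS_GROUP = ipaddress.ip_address("224.0.0.251")


def parse_netfilter_log(line):
    """Return the KEY=VALUE fields of a netfilter LOG line as a dict.
    Repeated keys (LEN appears for IP and for UDP) keep the first value."""
    fields = {}
    for key, value in re.findall(r"\b([A-Z]+)=(\S*)", line):
        fields.setdefault(key, value)
    return fields


def matching_rule(pkt, rules=ACCEPT_RULES):
    """Return the first ACCEPT rule that matches the packet, or None."""
    dst = ipaddress.ip_address(pkt["DST"])
    for iface, dest in rules:
        if pkt["IN"] == iface and dst in ipaddress.ip_network(dest):
            return (iface, dest)
    return None


def classify(line):
    """Triage one log line: accepted, self-originated mDNS, or unmatched."""
    pkt = parse_netfilter_log(line)
    if matching_rule(pkt) is not None:
        return "accepted"
    self_mdns = (pkt["SRC"] in LOCAL_ADDRS
                 and ipaddress.ip_address(pkt["DST"]) == MDNS_GROUP
                 and pkt.get("PROTO") == "UDP"
                 and pkt.get("SPT") == pkt.get("DPT") == "5353")
    return "self-originated mDNS, no ACCEPT rule" if self_mdns else "unmatched"


if __name__ == "__main__":
    print(classify(LOG_LINE))
```
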
--- Begin Message ---
Version: 4.0.8-7+rm
The ipmasq package has been removed from Debian so we are closing
the bugs that were still open against it.
For more information about this package's removal, read
http://bugs.debian.org/538384 . That bug might give the reasons why
this package was removed, and suggestions of possible replacements.
Don't hesitate to reply to this mail if you have any questions.
Thank you for your contribution to Debian.
Kind regards,
--
Marco Rodrigues
--- End Message ---