Public bug reported: There seems to be a slight problem with iptables + adapter aliases.
Take the alias eth0:1 for example... ifconfig eth0:1 eth0:1 Link encap:Ethernet HWaddr 00:25:90:eb:cb:ae inet addr:158.69.167.64 Bcast:158.69.255.255 Mask:255.255.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 1) This rule works + seems incorrect (notice -i rather than -i eth0:1) iptables -w -t nat -A PREROUTING -i eth0 -p tcp --dst 158.69.167.64 --dport 80 -j DNAT --to 10.0.3.189 80 2) This rule fails + seems correct (notice -i eth0:1) iptables -w -t nat -A PREROUTING -i eth0:1 -p tcp --dst 158.69.167.64 --dport 80 -j DNAT --to 10.0.3.189 80 In #2 the rule is consumed without generating any error. Seems like either eth0:1 should be accepted + should work or should generate an error. The iptables man page says -i is the "Name of an interface via which a packet was received" so I'm guessing anytime -i is passed with an alias, then the correct action is to either generate an error + die or better generate a warning that the alias has been converted to the base interface (any :\d+ has been stripped). This is a low priority item + at the same time can suck a huge amount of time debugging. ** Affects: iptables (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to iptables in Ubuntu. https://bugs.launchpad.net/bugs/1492837 Title: iptables nat prerouting slight problem with adapter aliases Status in iptables package in Ubuntu: New Bug description: There seems to be a slight problem with iptables + adapter aliases. Take the alias eth0:1 for example... ifconfig eth0:1 eth0:1 Link encap:Ethernet HWaddr 00:25:90:eb:cb:ae inet addr:158.69.167.64 Bcast:158.69.255.255 Mask:255.255.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 1) This rule works + seems incorrect (notice -i rather than -i eth0:1) iptables -w -t nat -A PREROUTING -i eth0 -p tcp --dst 158.69.167.64 --dport 80 -j DNAT --to 10.0.3.189 80 2) This rule fails + seems correct (notice -i eth0:1) iptables -w -t nat -A PREROUTING -i eth0:1 -p tcp --dst 158.69.167.64 --dport 80 -j DNAT --to 10.0.3.189 80 In #2 the rule is consumed without generating any error. Seems like either eth0:1 should be accepted + should work or should generate an error. The iptables man page says -i is the "Name of an interface via which a packet was received" so I'm guessing anytime -i is passed with an alias, then the correct action is to either generate an error + die or better generate a warning that the alias has been converted to the base interface (any :\d+ has been stripped). This is a low priority item + at the same time can suck a huge amount of time debugging. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1492837/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp