Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964789AbVIKA6k (ORCPT ); Sat, 10 Sep 2005 20:58:40 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S964788AbVIKA6k (ORCPT ); Sat, 10 Sep 2005 20:58:40 -0400 Received: from smtp04.auna.com ([62.81.186.14]:46275 "EHLO smtp04.retemail.es") by vger.kernel.org with ESMTP id S964786AbVIKA6j convert rfc822-to-8bit (ORCPT ); Sat, 10 Sep 2005 20:58:39 -0400 Date: Sun, 11 Sep 2005 00:58:08 +0000 From: "J.A. Magallon" Subject: Re: 2.6.13-mm2 To: Linux-Kernel Lista Cc: Patrick McHardy , Andrew Morton , netdev@vger.kernel.org References: <20050908053042.6e05882f.akpm@osdl.org> <1126396015l.6300l.1l@werewolf.able.es> <20050910165659.5eea90d0.akpm@osdl.org> <4323753D.9030007@trash.net> <1126399776l.6300l.2l@werewolf.able.es> In-Reply-To: <1126399776l.6300l.2l@werewolf.able.es> (from jamagallon@able.es on Sun Sep 11 02:49:36 2005) X-Mailer: Balsa 2.3.4 Message-Id: <1126400288l.6300l.3l@werewolf.able.es> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: 8BIT X-Auth-Info: Auth:LOGIN IP:[83.138.208.222] Login:jamagallon@able.es Fecha:Sun, 11 Sep 2005 02:58:37 +0200 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 4258 Lines: 100 On 09.11, J.A. Magallon wrote: > > On 09.11, Patrick McHardy wrote: > > Andrew Morton wrote: > > > "J.A. Magallon" wrote: > > > > > >>I can not ifup an interface while iptables is using it. > > >>Is this expected behaviour ? > > > > > > Maybe it's expected, but breaking existing userspace is a serious issue. > > > > No, its not expected. > > > > >>There is a possible bug (IMHO) in Mandrake initscripts, that start iptables > > >>before network interfaces, but this had always worked. > > >> > > >>Any ideas ? > > > > What's happening when you try to set the interface up? Please > > provide output of ifup and strace of the failing command. Thanks. > > werewolf:~# ifdown eth0 > werewolf:~# service iptables start > Applying iptables firewall rules: > [ OK ] > werewolf:~# iptables -v -t nat -L > Chain PREROUTING (policy ACCEPT 2 packets, 156 bytes) > pkts bytes target prot opt in out source destination > > Chain POSTROUTING (policy ACCEPT 5 packets, 300 bytes) > pkts bytes target prot opt in out source destination > 0 0 MASQUERADE all -- any eth0 anywhere anywhere > > Chain OUTPUT (policy ACCEPT 5 packets, 300 bytes) > pkts bytes target prot opt in out source destination > werewolf:~# iptables -v -t filter -L > Chain INPUT (policy ACCEPT 257 packets, 51631 bytes) > pkts bytes target prot opt in out source destination > > Chain FORWARD (policy DROP 0 packets, 0 bytes) > pkts bytes target prot opt in out source destination > 0 0 ACCEPT all -- eth0 eth1 anywhere anywhere state RELATED,ESTABLISHED > 0 0 ACCEPT all -- eth1 eth0 anywhere anywhere > > Chain OUTPUT (policy ACCEPT 251 packets, 51163 bytes) > pkts bytes target prot opt in out source destination > > werewolf:~# ifup eth0 > > Determining IP information for eth0...Operation failed. > failed. > > I traced the problem to pump, and I did a diff between strace of pump > when it works and when it doesnt (witout and with iptables started): > > socket(PF_FILE, SOCK_STREAM, 0) = 3 > connect(3, {sa_family=AF_FILE, path="/var/run/pump.sock"}, 20) = 0 > write(3, "\0\0\0\0eth0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\300"..., 4280) = 4280 > -read(3, "\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4280) = 4280 > -exit_group(0) = ? > -Process 7931 detached > +read(3, "\1\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4280) = 4280 > +socket(PF_FILE, SOCK_STREAM, 0) = 4 > +connect(4, {sa_family=AF_FILE, path="/var/run/pump.sock"}, 20) = 0 > +write(4, "\0\0\0\0eth0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\300"..., 4280) = 4280 > +read(4, "\1\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4280) = 4280 > +write(2, "Operation failed.\n", 18Operation failed. > +) = 18 > +exit_group(1) = ? > +Process 7822 detached > > pump seems to write something in the socket, try to read it again and gets > different results. > > Note, my iptables are modular and I did not unload the modules, just stopped > them with 'service iptables stop'. Digging further, if I just do > iptables -t nat -F, pump works again. > > Hope this helps. > And I also get this on syslog: Sep 11 02:56:58 werewolf kernel: MASQUERADE: eth0 ate my IP address Sep 11 02:56:58 werewolf kernel: MASQUERADE: eth0 ate my IP address -- J.A. Magallon \ Software is like sex: werewolf!able!es \ It's better when it's free Mandriva Linux release 2006.0 (Cooker) for i586 Linux 2.6.13-jam3 (gcc 4.0.1 (4.0.1-5mdk for Mandriva Linux release 2006.0)) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/