Hi,

I just wondered: Is there any update? Is the problem identified or even solved? Should this report be closed or merged with another bug?

Thanks,
Michael

On Wed, Feb 27, 2008 at 02:29:38PM +0100, Arno van Amersfoort wrote:
> Michael,
>
> I'm already looking into this problem (the submitter provided a SUN
> sparc machine I can use for testing). I've already somewhat isolated the
> problem, but as it looks now the issue is probably in the iptables
> binary (or kernel) used by Debian/Sparc. I will also post a bug against
> the iptables-package, and see what they can come up with....
>
> cheers,
>
> Arno
>
> Michael Hanke wrote:
>> Hi Marco,
>>
>> thanks for your report. Could you please provide your configuration
>> files:
>>
>> /etc/arno-iptables-firewall/debconf.cfg
>> /etc/arno-iptables-firewall/firewall.conf
>>
>> Please be sure to remove any possibly confidential information from it
>> before posting.
>>
>> Thanks,
>>
>> Michael
>>
>>
>> On Wed, Feb 27, 2008 at 11:58:21AM +0100, Marco Rijnsburger wrote:
>>
>>> Package: arno-iptables-firewall
>>> Version: 1.8.8.i-2
>>> Severity: important
>>>
>>>
>>>
>>> -- System Information:
>>> Debian Release: lenny/sid
>>> APT prefers testing
>>> APT policy: (500, 'testing')
>>> Architecture: sparc (sparc64)
>>>
>>> Kernel: Linux 2.6.18-3-sparc64-smp (SMP w/1 CPU core)
>>> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
>>> Shell: /bin/sh linked to /bin/bash
>>>
>>> Versions of packages arno-iptables-firewall depends on:
>>> ii debconf [debconf-2.0] 1.5.19 Debian configuration
>>> management sy
>>> ii gawk 1:3.1.5.dfsg-4 GNU awk, a pattern scanning
>>> and pr
>>> ii iptables 1.3.8.0debian1-1 administration tools for
>>> packet fi
>>> ii lynx 2.8.6-2 Text-mode WWW Browser
>>>
>>> Versions of packages arno-iptables-firewall recommends:
>>> ii iproute 20080108-1 Professional tools to
>>> control the
>>>
>>> -- debconf information:
>>> * arno-iptables-firewall/config-int-nat-net: 172.16.2.0
>>> * arno-iptables-firewall/dynamic-ip: false
>>> * arno-iptables-firewall/config-int-net: 255.255.255.0
>>> * arno-iptables-firewall/icmp-echo: true
>>> * arno-iptables-firewall/services-udp: 53
>>> arno-iptables-firewall/title:
>>> * arno-iptables-firewall/config-ext-if: eth0
>>> * arno-iptables-firewall/services-tcp: 25 53 110 143 443 10000
>>> * arno-iptables-firewall/restart: true
>>> * arno-iptables-firewall/config-int-if: eth1
>>> * arno-iptables-firewall/nat: true
>>> * arno-iptables-firewall/debconf-wanted: true
>>>
>>> # ./arno-iptables-firewall start
>>> Arno's Iptables Firewall Script 1.8.8.i-2
>>> -------------------------------------------------------------------------------
>>> Sanity checks passed...OK
>>> Detected IPTABLES module... Loading additional IPTABLES modules:
>>> All IPTABLES modules loaded!
>>> Setting the kernel ring buffer to only log panic messages to the console
>>> Configuring /proc/.... settings:
>>> Enabling anti-spoof with rp_filter
>>> Enabling SYN-flood protection via SYN-cookies
>>> Disabling the logging of martians
>>> Disabling the acception of ICMP-redirect messages
>>> Setting the max. amount of simultaneous connections to 16384
>>> Enabling protection against source routed packets
>>> Setting default conntrack timeouts
>>> Enabling reduction of the DoS'ing ability
>>> Setting Default TTL=64
>>> Disabling ECN (Explicit Congestion Notification)
>>> Enabling support for dynamic IP's
>>> Flushing route table
>>> /proc/ setup done...
>>> Flushing rules in the filter table
>>> Setting default (secure) policies
>>> Using loglevel "info" for syslogd
>>>
>>> Setting up firewall rules:
>>> -------------------------------------------------------------------------------
>>> Accepting packets from the local loopback device
>>> Enabling setting the maximum packet size via MSS
>>> Enabling mangling TOS
>>> Logging of stealth scans (nmap probes etc.) enabled
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> Logging of packets with bad TCP-flags enabled
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> Logging of INVALID packets disabled
>>> Logging of fragmented packets enabled
>>> iptables: Invalid argument
>>> Logging of access from reserved addresses enabled
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> Setting up anti-spoof rules
>>> Reading custom IPTABLES rules from /etc/arno-iptables-firewall/custom-rules
>>> Loading (user) plugins
>>> iptables: Invalid argument
>>> Setting up INPUT policy for the external net (INET):
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> Enabling support for a DHCP assigned IP on external interface(s): eth0
>>> Logging of explicitly blocked hosts enabled
>>> Logging of denied local output connections enabled
>>> Packets will NOT be checked for private source addresses
>>> Allowing the whole world to connect to TCP port(s): 22
>>> Allowing the whole world to send ICMP-requests(ping)
>>> iptables: Invalid argument
>>> Logging of dropped ICMP-request(ping) packets enabled
>>> iptables: Invalid argument
>>> Logging of dropped other ICMP packets enabled
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> Logging of possible stealth scans enabled
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> Logging of (other) connection attempts to PRIVILEGED TCP ports enabled
>>> iptables: Invalid argument
>>> Logging of (other) connection attempts to PRIVILEGED UDP ports enabled
>>> iptables: Invalid argument
>>> Logging of (other) connection attempts to UNPRIVILEGED TCP ports enabled
>>> iptables: Invalid argument
>>> Logging of (other) connection attempts to UNPRIVILEGED UDP ports enabled
>>> iptables: Invalid argument
>>> Logging of other IP protocols (non TCP/UDP/ICMP) connection attempts enabled
>>> iptables: Invalid argument
>>> Logging of ICMP flooding enabled
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> Applying INET policy to external (INET) interface: eth0 (without an external
>>> su)
>>> iptables: Invalid argument
>>> Setting up INPUT policy for internal (LAN) interface(s): eth1 eth2
>>> Allowing ICMP-requests(ping)
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> Allowing all (other) protocols
>>> iptables: Invalid argument
>>> Setting up FORWARD policy for internal (LAN) interface(s): eth1 eth2
>>> Logging of denied LAN->INET FORWARD connections enabled
>>> Setting up LAN->INET policy:
>>> Allowing ICMP-requests(ping)
>>> iptables: Invalid argument
>>> iptables: Invalid argument
>>> Allowing all (other) protocols
>>> Security is ENFORCED for external interface(s) in the FORWARD chain
>>> iptables: Invalid argument
>>>
>>> Feb 27 11:55:28 All firewall rules applied.
>>>
>>>
>>
>>

--
GPG key: 1024D/3144BE0F Michael Hanke
http://apsy.gse.uni-magdeburg.de/hanke
ICQ: 48230050