Package: fiaif Version: 1.21.1-16 Severity: critical Justification: breaks unrelated software
After the recent (i.e. today's or yesterday's) Debian testing upgrade, my internal network does not work. I have a Debian box as a firewall/router/desktop, and behind it are two Ubuntu boxes, each on their own ethernet connection. When fiaif is running on the Debian box, the Ubuntu boxes have no network connectivity. With fiaif off, the Ubuntu boxes and the Debian box can talk to each other. However, then the Ubuntu boxes have no access to the internet because they depend on fiaif to do NAT. So, failure of FIAIF (or whatever was upgraded) breaks unrelated software (i.e. the other two computers). I see lots of these messages now: Dec 9 22:29:47 desk kernel: [ 4010.982414] [FIAIF_ZONE_MISS_INTD]:IN=eth1 OUT= MAC= SRC=192.168.3.1 DST=192.168.3.255 LEN=182 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=631 DPT=631 LEN=162 which I have never seen before. Routing tables (fiaif up): $ sudo /sbin/route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.3.0 * 255.255.255.0 U 0 0 0 eth1 192.168.2.0 * 255.255.255.0 U 0 0 0 eth2 192.168.1.0 * 255.255.255.0 U 0 0 0 eth0 default speedtouch.lan 0.0.0.0 UG 0 0 0 eth0 $ But a ping from either side yields nothing: $ ping 192.168.3.2 PING 192.168.3.2 (192.168.3.2) 56(84) bytes of data. ^C --- 192.168.3.2 ping statistics --- 14 packets transmitted, 0 received, 100% packet loss, time 13102ms $ Now, stop fiat via /etc/init.d/fiaif stop and the Ubuntu boxes can now ping the Debian box and even get web pages via a squid proxy. I cannot honestly say that I have isolated the problem yet, but it's clearly related to a Debian upgrade and clearly involves fiaif in some way, and has sticken both Ubuntu boxes at once. (P.S. If I reboot one of the Ubuntu boxes into Windows XP, I see the same behavior. So, it's not a Ubuntu problem, either.) -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (500, 'testing-proposed-updates') Architecture: i386 (i686) Kernel: Linux 2.6.30-2-686 (SMP w/1 CPU core) Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/dash Versions of packages fiaif depends on: ii anacron 2.3-14 cron-like program that doesn't go ii bash 4.0-4 The GNU Bourne Again SHell ii coreutils 7.4-2 The GNU core utilities ii cron 3.0pl1-106 process scheduling daemon ii debconf [debconf-2.0] 1.5.28 Debian configuration management sy ii debianutils 3.2.2 Miscellaneous utilities specific t ii dnsutils 1:9.6.1.dfsg.P1-3 Clients provided with BIND ii grep 2.5.4-4 GNU grep, egrep and fgrep ii iptables 1.4.5-1 administration tools for packet fi ii logtail 1.2.69 Print log file lines that have not ii net-tools 1.60-23 The NET-3 networking toolkit ii sed 4.2.1-4 The GNU sed stream editor ii wget 1.12-1.1 retrieves files from the web fiaif recommends no packages. Versions of packages fiaif suggests: ii iproute 20090324-1 networking and traffic control too ii linux-image-2.6.30-1-68 2.6.30-6 Linux 2.6.30 image on PPro/Celeron ii linux-image-2.6.30-2-68 2.6.30-8squeeze1 Linux 2.6.30 image on PPro/Celeron pn ulogd <none> (no description available) -- debconf information: * fiaif/warning: fiaif/enable_cron: true fiaif/enable_initd: true fiaif/cron_logfile: -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
