Your message dated Sun, 2 Apr 2006 10:31:14 -0600
with message-id <[EMAIL PROTECTED]>
and subject line closing duplicate of #360448
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: kernel-image-2.4.27-3-k7
Version: 2.4
Severity: grave
I am using my own iptables script where I execute the following
iptables commands on startup:
iptables -A INPUT -m mac --mac-source 00:20:ED:39:91:E7 -p tcp --dport 3128:3130 -j ACCEPT
iptables -A INPUT -m mac --mac-source 00:20:ED:39:91:E7 -p udp --dport 3128:3130 -j ACCEPT
iptables -A INPUT -m mac --mac-source 00:12:3F:D6:89:8A -p tcp --dport 3128:3130 -j ACCEPT
iptables -A INPUT -m mac --mac-source 00:12:3F:D6:89:8A -p udp --dport 3128:3130 -j ACCEPT
iptables -A INPUT -m mac --mac-source 00:13:D3:FD:20:FA -p tcp --dport 3128:3130 -j ACCEPT
iptables -A INPUT -m mac --mac-source 00:13:D3:FD:20:FA -p udp --dport 3128:3130 -j ACCEPT
iptables -A INPUT -m mac --mac-source 00:14:38:00:AB:A6 -p tcp --dport 3128:3130 -j ACCEPT
iptables -A INPUT -m mac --mac-source 00:14:38:00:AB:A6 -p udp --dport 3128:3130 -j ACCEPT
iptables -A FORWARD -m mac --mac-source 00:20:ED:39:91:E7 -j ACCEPT
iptables -A FORWARD -m mac --mac-source 00:12:3F:D6:89:8A -j ACCEPT
iptables -A FORWARD -m mac --mac-source 00:13:D3:FD:20:FA -j ACCEPT
iptables -A FORWARD -m mac --mac-source 00:14:38:00:AB:A6 -j ACCEPT
When the server is up, the mac rules are correct like this:
debian:~# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere MAC 00:20:ED:39:91:E7 tcp dpts:3128:icpv2
ACCEPT udp -- anywhere anywhere MAC 00:20:ED:39:91:E7 udp dpts:3128:icpv2
ACCEPT tcp -- anywhere anywhere MAC 00:12:3F:D6:89:8A tcp dpts:3128:icpv2
ACCEPT udp -- anywhere anywhere MAC 00:12:3F:D6:89:8A udp dpts:3128:icpv2
ACCEPT tcp -- anywhere anywhere MAC 00:13:D3:FD:20:FA tcp dpts:3128:icpv2
ACCEPT udp -- anywhere anywhere MAC 00:13:D3:FD:20:FA udp dpts:3128:icpv2
ACCEPT tcp -- anywhere anywhere MAC 00:14:38:00:AB:A6 tcp dpts:3128:icpv2
ACCEPT udp -- anywhere anywhere MAC 00:14:38:00:AB:A6 udp dpts:3128:icpv2
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere MAC 00:20:ED:39:91:E7
ACCEPT all -- anywhere anywhere MAC 00:12:3F:D6:89:8A
ACCEPT all -- anywhere anywhere MAC 00:13:D3:FD:20:FA
ACCEPT all -- anywhere anywhere MAC 00:14:38:00:AB:A6
But after some up time the mac rules are morphing like this:
debian:~# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere MAC 00:20:ED:39:91:E7 tcp dpts:3128:icpv2
ACCEPT udp -- anywhere anywhere MAC 00:20:ED:39:91:E7 udp dpts:3128:icpv2
ACCEPT tcp -- anywhere anywhere MAC 00:05:5D:F5:E8:FF tcp dpts:3128:icpv2
ACCEPT udp -- anywhere anywhere MAC 00:05:5D:F5:E8:FF udp dpts:3128:icpv2
ACCEPT tcp -- anywhere anywhere MAC 00:05:5D:F6:10:BD tcp dpts:3128:icpv2
ACCEPT tcp -- anywhere anywhere MAC 00:05:5D:F6:10:BD tcp dpts:3128:icpv2
ACCEPT tcp -- anywhere anywhere MAC 00:12:3F:D6:89:8A tcp dpts:3128:icpv2
ACCEPT tcp -- anywhere anywhere MAC 00:12:3F:D6:89:8A tcp dpts:3128:icpv2
ACCEPT tcp -- anywhere anywhere MAC 00:14:38:00:AB:A6 tcp dpts:3128:icpv2
ACCEPT tcp -- anywhere anywhere MAC 00:14:38:00:AB:A6 tcp dpts:3128:icpv2
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere MAC 00:20:ED:39:91:E7
ACCEPT all -- anywhere anywhere MAC 00:05:5D:F5:E8:FF
ACCEPT all -- anywhere anywhere MAC 00:05:5D:F6:10:BD
ACCEPT all -- anywhere anywhere MAC 00:12:3F:D6:89:8A
ACCEPT all -- anywhere anywhere MAC 00:14:38:00:AB:A6
Now the computer with the MAC address 00:13:D3:FD:20:FA is unable to
access the squid proxy server on port 3128 because the MAC address is
completely missing.
--- End Message ---
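One way to catch this kind of rule drift automatically, as an added example that is not part of the original report: compare the MAC rules a startup script intends to load with what `iptables -L` actually lists. The function names are hypothetical, and the sample script and listing are constructed, condensed from the values in the report.

```python
import re
from collections import Counter

MAC = r"((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"

def expected_rules(script_text):
    """Collect (chain, proto, mac) from `iptables -A ... --mac-source` commands."""
    rules = Counter()
    for line in script_text.splitlines():
        m = re.search(r"-A\s+(\S+)\s.*?--mac-source\s+" + MAC, line)
        if m:
            proto = re.search(r"(?<!\S)-p\s+(\S+)", line)  # no -p means "all"
            rules[(m.group(1), proto.group(1) if proto else "all", m.group(2).upper())] += 1
    return rules

def listed_rules(listing_text):
    """Collect (chain, proto, mac) from `iptables -L` output, one rule per line."""
    rules, chain = Counter(), None
    for line in listing_text.splitlines():
        head = re.match(r"Chain\s+(\S+)", line)
        if head:
            chain = head.group(1)  # following rule lines belong to this chain
            continue
        m = re.match(r"\s*\S+\s+(\S+)\s.*?MAC\s*" + MAC, line)
        if m and chain:
            rules[(chain, m.group(1), m.group(2).upper())] += 1
    return rules

def drift(expected, observed):
    """Return (missing, unexpected); Counter arithmetic keeps duplicates visible."""
    return sorted((expected - observed).elements()), sorted((observed - expected).elements())

# Constructed sample, condensed from the values in the report above.
SCRIPT = """\
iptables -A INPUT -m mac --mac-source 00:20:ED:39:91:E7 -p tcp --dport 3128:3130 -j ACCEPT
iptables -A INPUT -m mac --mac-source 00:13:D3:FD:20:FA -p udp --dport 3128:3130 -j ACCEPT
iptables -A FORWARD -m mac --mac-source 00:13:D3:FD:20:FA -j ACCEPT
"""
LISTING = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere MAC 00:20:ED:39:91:E7 tcp dpts:3128:icpv2
ACCEPT tcp -- anywhere anywhere MAC 00:05:5D:F6:10:BD tcp dpts:3128:icpv2
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere MAC 00:05:5D:F6:10:BD
"""

if __name__ == "__main__":
    missing, unexpected = drift(expected_rules(SCRIPT), listed_rules(LISTING))
    print("missing:", missing)
    print("unexpected:", unexpected)
```

Run from cron against the live `iptables -L` output, a non-empty result in either list flags the change before a client loses access to the proxy.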
--- Begin Message ---
--
dann frazier
--- End Message ---