LinuxSA Mailing list archives

Index: [thread] [date] [subject] [author] [stats]

  From: Alan Kennington <akenning@topology.org>
  To  : LinuxSA <linuxsa@linuxsa.org.au>
  Date: Thu, 5 Jul 2001 05:36:43 +0930

Re: spurious iptables "untracked packet" problem

On Mon, Jul 02, 2001 at 07:09:52PM +0930, Alan Kennington wrote:
> Has anyone else experienced a surprising number of
> "untracked" packet rejections by iptables for no obvious reason?
> 
> Here's an example from my log file:
> 
> =================================================
> May 14 18:05:16 dog kernel: NAT: 0 dropping untracked packet c4f06c00 1 139.130.140.1 -> 139.130.140.14
>  May 14 18:05:16 dog kernel: NAT: 0 dropping untracked packet c08439e0 1 139.130.140.1 -> 139.130.140.14
>  May 14 18:05:16 dog kernel: NAT: 0 dropping untracked packet c4f06c00 1 139.130.140.1 -> 139.130.140.14
>  May 14 18:05:16 dog kernel: NAT: 0 dropping untracked packet c08439e0 1 139.130.140.1 -> 139.130.140.14
>  May 14 18:05:16 dog kernel: NAT: 0 dropping untracked packet c4f13640 1 139.130.140.1 -> 139.130.140.14
>  May 14 18:05:25 dog kernel: NAT: 0 dropping untracked packet c08439e0 1 139.130.140.1 -> 139.130.140.14
>  May 14 18:05:25 dog kernel: NAT: 0 dropping untracked packet c4f13640 1 139.130.140.1 -> 139.130.140.14
>  May 14 18:05:25 dog kernel: NAT: 0 dropping untracked packet c4f067a0 1 139.130.140.1 -> 139.130.140.14
>  May 14 18:05:25 dog kernel: NAT: 0 dropping untracked packet c08439e0 1 139.130.140.1 -> 139.130.140.14
>  May 14 18:05:25 dog kernel: NAT: 0 dropping untracked packet c4f13640 1 139.130.140.1 -> 139.130.140.14
>  May 14 18:05:25 dog kernel: NAT: 0 dropping untracked packet c4f067a0 1 139.130.140.1 -> 139.130.140.14
> ==================================================
> 



Well, that's history now.
I've just built a new linux kernel 2.4.6, and the old
"untracked packet" problem has mysteriously disappeared,
as far as my initial tests indicate.

By the way, if anyone wants to use the new kernel,
beware of some compilation problems with files like
drivers/mtd/amd_flash.c  line 642
drivers/mtd/cfi.h        line 387
(These are relevant to flash memory devices only.)

These both had include-file errors which caused the
function do_softirq() to not be defined when I compiled the
kernel on my Toshiba Portégé 3020CT, although the problem
did not arise on my AMD K6-2/500.

Apart from that, I would say that the 2.4.6 kernel is
a good idea to compile and use right now, because
it fixes ReiserFS problems and iptables problems.

Cheers, and good compilage,
Alan Kennington.

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject

Index: [thread] [date] [subject] [author] [stats]

Return to the LinuxSA Mailing List Information Page