Bug 658571 - connection sharing broken due to bad iptables command
Status: RESOLVED FIXED
Product: NetworkManager
Classification: Platform
Component: general
Version: 0.9.x
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: Dan Williams
Dan Williams
Reported: 2011-09-08 14:41 UTC by Ignacio Aguilera
Modified: 2011-10-17 13:47 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
fix iptable command (916 bytes, patch)
2011-09-08 14:43 UTC, Ignacio Aguilera

Description Ignacio Aguilera 2011-09-08 14:41:35 UTC
Description:
Connection sharing wasn't working properly (in Arch Linux).
I could ping the host, but there was no packet forwarding (no Internet access).
After patching, connection sharing is working again.


Additional info:
* package version(s)
iptables-1.4.12.1-1
networkmanager-0.9.0-1

* config and/or log files etc.

[/var/log/messages.log]

Sep  8 10:02:03 localhost NetworkManager[1125]: <info> Executing: /usr/sbin/iptables --table filter --insert INPUT --in-interface eth0 --protocol tcp --destination-port 53 --jump ACCEPT
Sep  8 10:02:04 localhost NetworkManager[1125]: <info> Executing: /usr/sbin/iptables --table filter --insert INPUT --in-interface eth0 --protocol udp --destination-port 53 --jump ACCEPT
Sep  8 10:02:04 localhost NetworkManager[1125]: <info> Executing: /usr/sbin/iptables --table filter --insert INPUT --in-interface eth0 --protocol tcp --destination-port 67 --jump ACCEPT
Sep  8 10:02:04 localhost NetworkManager[1125]: <info> Executing: /usr/sbin/iptables --table filter --insert INPUT --in-interface eth0 --protocol udp --destination-port 67 --jump ACCEPT
Sep  8 10:02:04 localhost NetworkManager[1125]: <info> Executing: /usr/sbin/iptables --table filter --insert FORWARD --in-interface eth0 --jump REJECT
Sep  8 10:02:04 localhost NetworkManager[1125]: <info> Executing: /usr/sbin/iptables --table filter --insert FORWARD --out-interface eth0 --jump REJECT
Sep  8 10:02:04 localhost NetworkManager[1125]: <info> Executing: /usr/sbin/iptables --table filter --insert FORWARD --in-interface eth0 --out-interface eth0 --jump ACCEPT
Sep  8 10:02:04 localhost NetworkManager[1125]: <info> Executing: /usr/sbin/iptables --table filter --insert FORWARD --source 10.42.43.0/255.255.255.0 --in-interface eth0 --jump ACCEPT
Sep  8 10:02:04 localhost NetworkManager[1125]: <info> Executing: /usr/sbin/iptables --table filter --insert FORWARD --destination 10.42.43.0/255.255.255.0 --out-interface eth0 --match state --state ESTABLISHED,RELATED --jump ACCEPT
Sep  8 10:02:04 localhost NetworkManager[1125]: <info> Executing: /usr/sbin/iptables --table nat --insert POSTROUTING --source 10.42.43.0/255.255.255.0 --destination ! 10.42.43.0/255.255.255.0 --jump MASQUERADE
Sep  8 10:02:04 localhost NetworkManager[1125]: <warn> ** Command returned exit status 2.
Sep  8 10:02:04 localhost NetworkManager[1125]: <info> Starting dnsmasq...
Sep  8 10:02:04 localhost NetworkManager[1125]: <info> (eth0): device state change: ip-config -> activated (reason 'none') [70 100 0]
Sep  8 10:02:04 localhost NetworkManager[1125]: <info> Activation (eth0) successful, device activated.
Sep  8 10:02:04 localhost NetworkManager[1125]: <info> Activation (eth0) Stage 5 of 5 (IP Configure Commit) complete.





And the output of the offending command:

[ignacio@ignacio-desk ~]$ sudo /usr/sbin/iptables --table nat --insert POSTROUTING --source 10.42.43.0/255.255.255.0 --destination ! 10.42.43.0/255.255.255.0 --jump MASQUERADE
[sudo] password for ignacio: 
Bad argument `10.42.43.0/255.255.255.0'
Try `iptables -h' or 'iptables --help' for more information.




Steps to reproduce:
Fresh install, configure internet connection on wlan0 and connection sharing on eth0.
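
Added example, not part of the original report and not NetworkManager's code: a log audit that pairs each "Executing:" line with a following "Command returned exit status" warning, so a failed firewall command is not lost behind the later "successful" activation message. The function names and regexes are hypothetical, and the rewrite assumes the rejected argument is the "--destination ! ..." negation placement, moving the "!" in front of the option, which is the form iptables accepts.

```python
import re

# Excerpt of the NetworkManager log quoted in the report above (not new data).
SAMPLE_LOG = """\
Sep  8 10:02:04 localhost NetworkManager[1125]: <info> Executing: /usr/sbin/iptables --table filter --insert FORWARD --in-interface eth0 --jump REJECT
Sep  8 10:02:04 localhost NetworkManager[1125]: <info> Executing: /usr/sbin/iptables --table nat --insert POSTROUTING --source 10.42.43.0/255.255.255.0 --destination ! 10.42.43.0/255.255.255.0 --jump MASQUERADE
Sep  8 10:02:04 localhost NetworkManager[1125]: <warn> ** Command returned exit status 2.
Sep  8 10:02:04 localhost NetworkManager[1125]: <info> Starting dnsmasq...
Sep  8 10:02:04 localhost NetworkManager[1125]: <info> Activation (eth0) successful, device activated.
"""

EXEC_RE = re.compile(r"NetworkManager\[\d+\]: <info> Executing: (\S*iptables .*)$")
FAIL_RE = re.compile(r"NetworkManager\[\d+\]: <warn> \*\* Command returned exit status (\d+)\.")
OK_RE = re.compile(r"Activation \((\S+)\) successful")
# An option followed by a bare "!" is the old "intrapositioned" negation.
INTRA_NEG_RE = re.compile(r"(--[\w-]+)\s+!\s+(\S+)")


def rewrite_negation(cmd):
    """Move '!' in front of the option: '--opt ! val' -> '! --opt val'.
    Returns None when the command has no intrapositioned negation."""
    new, n = INTRA_NEG_RE.subn(r"! \1 \2", cmd)
    return new if n else None


def audit(log_text):
    """Return (failures, activated): iptables commands that exited non-zero,
    and interfaces still reported as activated after such a failure."""
    failures, activated, last_cmd = [], [], None
    for line in log_text.splitlines():
        if m := EXEC_RE.search(line):
            last_cmd = m.group(1)
        elif (m := FAIL_RE.search(line)) and last_cmd:
            failures.append({"cmd": last_cmd, "status": int(m.group(1)),
                             "suggested": rewrite_negation(last_cmd)})
            last_cmd = None
        elif (m := OK_RE.search(line)) and failures:
            activated.append(m.group(1))
    return failures, activated


if __name__ == "__main__":
    failures, activated = audit(SAMPLE_LOG)
    for f in failures:
        print(f"exit {f['status']}: {f['cmd']}\n  suggested: {f['suggested']}")
    for dev in activated:
        print(f"{dev}: activated despite a failed firewall command")
```

On the excerpt this flags the MASQUERADE rule as the only failed command and reports eth0 as activated anyway, which matches the symptom in the report: the shared interface comes up but no NAT rule exists.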
Comment 1 Ignacio Aguilera 2011-09-08 14:43:59 UTC
Created attachment 195999
fix iptable command
Comment 2 Jiri Klimes 2011-10-17 13:47:05 UTC
Thanks for reporting!

It was fixed on 2011-09-07 as 420fbb599f1f73ab7e946447d29dfba360318618 (master).