Date:	Mon, 17 Sep 2012 16:44:26 +0100
From:	Chris Clayton <chris2553@...glemail.com>
To:	netdev@...r.kernel.org
Subject: Possible networking regression in 3.6.0

Hi,

I'm having a problem with networking. I'm running Windows XP as a KVM 
guest on a laptop running kernel 3.6.0-rc6. The identical configuration 
works fine with kernels 3.5.4 and 3.4.11 (and has done so, largely 
unchanged, since KVM was introduced in 2.6.<whatever>.)

The configuration is:

XP guest:	192.168.200.1 (gateway 192.168.200.254)
tap0:		192.168.200.254
host:		192.168.0.40 (gateway 192.168.0.1)
router:		192.168.0.1

The script that starts up the firewall includes the following commands:

# Load the connection-sharing for qemu/kvm guests
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
...
# allow traffic to and from the qemu/kvm virtual networks
NETS="200 201"
for net in $NETS; do
   iptables -A INPUT -s 192.168.$net.0/24 -j ACCEPT
   iptables -A OUTPUT -d 192.168.$net.0/24 -j ACCEPT
done
...

The network-related modules that are loaded are:

$ lsmod
Module                  Size  Used by
tun                    12412  0
xt_state                 891  1
iptable_filter           852  1
ipt_MASQUERADE          1222  1
iptable_nat             3087  1
nf_nat                 10901  2 ipt_MASQUERADE,iptable_nat
nf_conntrack_ipv4       4942  4 nf_nat,iptable_nat
nf_defrag_ipv4           815  1 nf_conntrack_ipv4
nf_conntrack           37644  5 ipt_MASQUERADE,nf_nat,xt_state,iptable_nat,nf_conntrack_ipv4
...
r8169                  47159  0

From the host I can successfully ping the guest, tap0 and the router as 
you would expect, but from the guest, although I can ping the host and 
tap0, I cannot ping the router. In practice, this means I have no 
internet access from the guest. As I say, this configuration works 
perfectly under 3.5.x and 3.4.x kernels.

I'll do a coarse-grained "bisect" of Linus' 3.6 release candidates and 
report back, but does anyone have any prime-suspect patches that may be 
at the cause of this problem?

Let me know if there are any other diagnostics I can provide. Also, as 
I'm not subscribed to netdev, please cc me to any reply.

Thanks,

Chris