lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20230119085223.7cf16c57@hermes.local>
Date:   Thu, 19 Jan 2023 08:52:23 -0800
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     netdev@...r.kernel.org
Subject: Fw: [Bug 216952] New: The most recent Raspberry Pi OS 64-bi 5.15.84
 Linux kernel seems not to forward any IPv4 packets even if
 net.ipv4.ip_forward=1 is set properly, NO ROUTER FUNCTIONALITY in kernel

Have my doubts that this is a kernel bug.

Begin forwarded message:

Date: Thu, 19 Jan 2023 14:17:16 +0000
From: bugzilla-daemon@...nel.org
To: stephen@...workplumber.org
Subject: [Bug 216952] New: The most recent Raspberry Pi OS 64-bi 5.15.84 Linux kernel seems not to forward any IPv4 packets even if net.ipv4.ip_forward=1 is set properly, NO ROUTER FUNCTIONALITY in kernel


https://bugzilla.kernel.org/show_bug.cgi?id=216952

            Bug ID: 216952
           Summary: The most recent Raspberry Pi OS 64-bi 5.15.84 Linux
                    kernel seems not to forward any IPv4 packets even if
                    net.ipv4.ip_forward=1 is set properly, NO ROUTER
                    FUNCTIONALITY in kernel
           Product: Networking
           Version: 2.5
    Kernel Version: Linux 5.15.84-v8+ #1613 SMP PREEMPT Thu Jan 5 12:03:08
                    GMT 2023 aarch64
          Hardware: ARM
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: blocking
          Priority: P1
         Component: IPV4
          Assignee: stephen@...workplumber.org
          Reporter: tomkori@....net
        Regression: No

I have produced some extensive documentation of my attempts of getting a
Raspberry Pi 4 4GB running the most Raspberry Pi OS 64-bit (Debian bullseye
arm64) and a WaveShare SIM8200EA M2 5G HAT modem working as a residential
gateway combination. I got the modem working and able to connect to the
internet on the Raspberry Pi 4 4 GB locally, but the packet forwarding seems to
not work at all. When tracerouting the packets, their path always ends at my
Raspberry Pi 4 4 GB supposed-to-be residential gateway without being forwarded
to the ISP-provided dynamic IP address and tiny network. I have made a summary
thread on the Raspberry Pi Forum containing firewall configuration,
/etc/sysctl.conf settings, ISC DHCP server configuration and routing tables:

https://forums.raspberrypi.com/viewtopic.php?t=346017

I have the following network configuration:

    1) a private network 192.168.1.0/24

    2) inside 192.168.1.0/24 an OpenWrt operated ethernet PoE+ DSA switch

    3) inside 192.168.1.0/24 an OpenWrt operated Wifi router which is connected
via its WAN interface to the ISP provided modem on 192.168.0.0/24 network. The
ISP modem does not allow anything, it is basically an intransparent bridge. The
Wifi router is running a DHCP server on its LAN interface containing the LAN
ports and it has another DHCP server running for managing the Wifi connections.

    4) my Raspberry Pi 4 4GB / WaveShare SIM8200EA-M2 5G HAT combination
running with a temporary SIM card, till i can replace the ISP provided modem by
it. The RPi/5G HAT has lo, eth0, wlan0, wwan0 (plus usb0 from thethering via
dwc2 and g_ether) interfaces and could be used as DMZ as such. The RPi/5G HAT
eth0 is connected to the Switch and has IP 192.168.1.1, which should be the
residential router/gateway IP. wlan0 is connected to the Wifi router. I have
configured a working nftables firewall filtering ICMP traffic for both IPv4 and
IPv6 that works nicely when i use the internet access locally on my RPi / 5G
HAT. wwan0 is the 5G HAT modem interface, which is configured via
NetworkManager (is it possible also via /etc/network/interfaces?) and
ModemManager and has a small private subnet assigned by DHCP from the ISP (my
ISP also allows for public dynamic IPs which are routable in the internet). I
have configured a static route from the RPI / 5G HAT to the Wifi router, such
that it can have internet access via the ISP modem, even when the 5G HAT is
turned off.

Now how can i get my RPi / 5G HAT to become a residential gateway to serve
internet access to the whole 192.168.1.0/24 home network including the Wifi
devices? When i install an ISC DHCP server on my RPi / 5G HAT, it always messes
up with the DHCP server of the Wifi router and the Wifi devices loose internet
connectivity. As far as i have understood, routing functionality in internal
networks is provided via DHCP and DNS server's as well as activation of ip
forwarding.

(Taken from https://forums.raspberrypi.com/viewtopic.php?t=346014)

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are the assignee for the bug.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ