nat problem: What's so special with traffic from audibank.de?

Hi there.

I have had some years of experience with the firewall systems inside Linux, but now I have a case where I don't know how to debug it.

I replaced my hand-written firewall rules with rules generated by fwbuilder 3.0.5. The kernel is the one from Ubuntu 8.04 (2.6.24-25-server).

$ iptables -V
iptables v1.3.8

Maybe it's an already known bug in the iptables of this old kernel?

All HTTP(S) traffic works except the traffic from audibank.de. The start page doesn't show up when called from a computer on the NATted side of the local network. When called from the computer doing the firewall/NAT itself, it just works.

The phenomenon on a natted computer:

============================== snip ========================
$ LANG=C wget -d audibank.de
DEBUG output created by Wget 1.11.4 on linux-gnu.
[...]
---request end---
HTTP request sent, awaiting response...
============================== snip ========================

All other online banking sites just work.

Here are (hopefully all) the relevant rules generated by fwbuilder (loaded using iptables-restore):

echo :INPUT DROP   [0:0]
echo :FORWARD DROP [0:0]
echo :OUTPUT DROP  [0:0]
echo "-A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT"
echo "-A OUTPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT"
echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"

echo "-A OUTPUT   -m state --state INVALID  -j DROP"
echo "-A INPUT    -m state --state INVALID  -j DROP"
echo "-A FORWARD  -m state --state INVALID  -j DROP"

echo ":In_RULE_0 - [0:0]"
echo "-A INPUT    -i ppp0  -s 192.168.4.0/24  -m state --state NEW  -j In_RULE_0 "
echo "-A FORWARD  -i ppp0  -s 192.168.4.0/24  -m state --state NEW  -j In_RULE_0 "
echo "-A In_RULE_0  -j DROP "

echo "-A OUTPUT  -o ppp0 -p tcp -m tcp  -m multiport  --dports 53,80,443,22  -m state --state NEW  -j ACCEPT "
echo "-A OUTPUT  -o ppp0 -p udp -m udp  --dport 53  -m state --state NEW  -j ACCEPT "

echo "-A INPUT    -s 192.168.4.0/24  -m state --state NEW  -j ACCEPT "
echo "-A OUTPUT   -s 192.168.4.0/24  -m state --state NEW  -j ACCEPT "
echo "-A FORWARD  -s 192.168.4.0/24  -m state --state NEW  -j ACCEPT "

echo "-A POSTROUTING -o ppp0  -s 192.168.4.0/24 -j MASQUERADE  "

echo 1 > /proc/sys/net/ipv4/ip_forward
Attached is the tcpdump of the HTTP traffic related to audibank.de.

What's wrong? Can someone enlighten me please?
Best regards.
Lars

Attachment: ppp1.dump
Description: Binary data
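As an added example (not from the post, and not fwbuilder output), here is one check a practitioner would run when HTTP through a PPP uplink stalls right after the request is sent, as in the wget output above: a POSIX shell script that inspects an iptables-restore style rule dump for a TCP MSS clamp on ppp0 and, when none is present, prints the mangle-table rule that adds one. The rule set embedded in the script is a constructed subset of the rules quoted in the post; the idea that a path-MTU problem is behind the audibank.de hang is an assumption of this example, not something the post establishes.

```shell
#!/bin/sh
# Added example, not part of the original post or of fwbuilder's output.
# Checks a rule dump for a TCPMSS clamp on the PPP uplink and shows the
# mangle-table rule to add when it is missing. That a PMTU black hole is
# the cause of the reported hang is an assumption made here for illustration.

# Constructed sample: a subset of the filter/nat rules quoted in the post.
POSTED_RULES='-A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD  -s 192.168.4.0/24  -m state --state NEW  -j ACCEPT
-A POSTROUTING -o ppp0  -s 192.168.4.0/24 -j MASQUERADE'

# has_mss_clamp RULES IFACE: succeed if RULES already clamps the MSS of
# TCP connections leaving via IFACE to the path MTU.
has_mss_clamp() {
    printf '%s\n' "$1" | grep -q -- "-o $2 .*-j TCPMSS --clamp-mss-to-pmtu"
}

# mss_clamp_rule IFACE: the rule that rewrites the MSS option of every
# forwarded SYN leaving via IFACE. It belongs in the *mangle table of an
# iptables-restore file, not in *filter or *nat where the posted rules live.
mss_clamp_rule() {
    printf -- '-A FORWARD -o %s -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu\n' "$1"
}

# mss_for_mtu MTU: the largest MSS that fits the link MTU for IPv4 without
# options (20 bytes IP header + 20 bytes TCP header). Useful with
# --set-mss on links whose MTU is known, e.g. 1492 for PPPoE.
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# with_mss_clamp RULES IFACE: print RULES, appending the clamp rule if absent.
with_mss_clamp() {
    printf '%s\n' "$1"
    has_mss_clamp "$1" "$2" || mss_clamp_rule "$2"
}

# Stand-alone run: report on the constructed rule set for ppp0.
if has_mss_clamp "$POSTED_RULES" ppp0; then
    echo "ppp0 already has an MSS clamp"
else
    echo "no MSS clamp on ppp0; rule to add in the mangle table:"
    mss_clamp_rule ppp0
fi
```

On a PPP link the uplink MTU is typically below 1500 bytes, so a server that ignores or never receives ICMP "fragmentation needed" messages keeps sending full-size segments that never make it through; the client sees exactly the "HTTP request sent, awaiting response..." stall. Clamping the MSS on forwarded SYNs sidesteps that regardless of what the remote side does, which is why this is the first thing to compare between the hand-written rules and the fwbuilder-generated ones.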