429574 – net-misc/networkmanager-0.8.4.0-r2 fails the NAT when sharing a connection

Bug 429574 - net-misc/networkmanager-0.8.4.0-r2 fails the NAT when sharing a connection

Summary: net-misc/networkmanager-0.8.4.0-r2 fails the NAT when sharing a connection

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Nirbheek Chauhan (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:	430370
Blocks:
	Show dependency tree

Reported:	2012-08-02 20:56 UTC by Enrico Tagliavini
Modified:	2012-10-07 08:24 UTC (History)
CC List:	3 users (show)

See Also:	http://bugs.debian.org/638995
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Enrico Tagliavini 2012-08-02 20:56:43 UTC

When you try to share a connection with the stable version of networkmanager it doesn't work due to the use of old style iptables command. For example when I try to share my ppp0 connection via eth0 you can see this in syslog:

Aug  2 22:38:19 ivythink NetworkManager[1851]: <info> Executing: /sbin/iptables --table filter --insert FORWARD --in-interface eth0 --out-interface eth0 --jump ACCEPT
Aug  2 22:38:19 ivythink NetworkManager[1851]: <info> Executing: /sbin/iptables --table filter --insert FORWARD --source 10.42.43.0/255.255.255.0 --in-interface eth0 --jump ACCEPT
Aug  2 22:38:19 ivythink NetworkManager[1851]: <info> Executing: /sbin/iptables --table filter --insert FORWARD --destination 10.42.43.0/255.255.255.0 --out-interface eth0 --match state --state ESTABLISHED,RELATED --jump ACCEPT
Aug  2 22:38:19 ivythink NetworkManager[1851]: <info> Executing: /sbin/iptables --table nat --insert POSTROUTING --source 10.42.43.0/255.255.255.0 --destination ! 10.42.43.0/255.255.255.0 --jump MASQUERADE
Aug  2 22:38:19 ivythink NetworkManager[1851]: <warn> ** Command returned exit status 2.
Aug  2 22:38:19 ivythink NetworkManager[1851]: <info> Starting dnsmasq...
Aug  2 22:38:19 ivythink NetworkManager[1851]: <info> (eth0): device state change: 7 -> 8 (reason 0

the MASQUERADE command is not correct with recent kernels/iptables. *This is a known bug upstream and it has been fixed*, see here http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=420fbb599f1f73ab7e946447d29dfba360318618

The fix was also backported to 0.8 series, so nm 0.8 needs to be bumped to version 0.8.6 or 0.9.4 needs to be stabled. Actually this feature is broken in stable but it should work in ~arch, so the quick solution is likely the former

Reproducible: Always

Steps to Reproduce:
1. Make a shared connection with another pc
2. Look at syslog, and iptables -nvL -t nat
3. notify the NAT has not been set up
Actual Results:  
No automatic NAT

Expected Results:  
Automatic NAT set up

Comment 1 Enrico Tagliavini 2012-08-02 20:59:09 UTC

If you choose to bump nm 0.8.6 this bug should depend on bug #390461

Comment 2 Enrico Tagliavini 2012-08-03 12:54:27 UTC

Mhm I was wrong, the fix has not been backported to nm 0.8, but it is dead easy to backport it. So it can be backported to 0.8.4 as well, but I think a bump to the lastest 0.8 is anyway a good thing until 0.9 is in stable.

Comment 3 Enrico Tagliavini 2012-08-14 15:25:46 UTC

I've applied the patch back to 0.8.4-r2 and it works like a charm.

Comment 4 Alexandre Rostovtsev (RETIRED) gentoo-dev

2012-08-14 15:35:39 UTC

Honestly, instead of patching the obsolete 0.8.4, would prefer to just mark networkmanager-0.9.4 stable, see bug #430370.

Comment 5 Enrico Tagliavini 2012-08-14 15:42:33 UTC

(In reply to comment #4)
> Honestly, instead of patching the obsolete 0.8.4, would prefer to just mark
> networkmanager-0.9.4 stable, see bug #430370.

Oh this is a very good news. Let's add bug #430370 to depends of this bug and just mark this as FIXED when 0.9.4 is stable. Thank you very much