On Wed, Oct 17, 2012 at 08:03:29PM +0200, Baptiste wrote: > Hi, > > First, you should try without TPROXY mode. > Then you should give a increase the value of the ip_local_port_range > sysctl... and tune your sysctl in general.
I suspect conntrack is enabled and gets fooled by conflicting entries between the client and server sides reusing the same ports. It's hard to say without the config but it looks like this anyway. Willy
