Hi Peter,

On Tue, Jan 25, 2005 at 08:15:26AM +1100, Peter Rundle wrote:
> >For some reason these packets just ain't traversing the iptables
> >chains right. If I zero the counts in the nat table I can see
> >they never hit the POSTROUTING chain where the SNAT is happening.
> >My netcat packets, from exactly the same box, do. :-/
> 
> How many rules are in that chain *before* the masquerade statement? Is it 
> possible that the packets are matching a rule and exiting the chain?

Good suggestion, but no, there's nothing else in that chain.

> What happens if you put a -j LOG rule at the very beginning of the 
> POSTROUTING chain that matches all packets and see if the packets enter the 
> chain.

The good packets do, the bad packets don't. If I add a LOG message to the 
mangle POSTROUTING chain, though (which comes before the nat POSTROUTING
chain), both sets are logged there. Truly weird.

I'm going to ask on the netfilter list, since it's increasingly looking
like some iptables bogosity.

Thanks for your suggestions.

Cheers,
Gavin

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
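The LOG comparison described in this message (one LOG rule in mangle POSTROUTING, one in nat POSTROUTING) can be automated over the kernel log. This is an added example, not part of the original thread; the `MANGLE-POST` and `NAT-POST` log prefixes and the sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample kernel log lines (not from the thread). The prefixes
# are assumed values passed to --log-prefix on the two LOG rules.
SAMPLE_LOG = """\
Jan 25 09:00:01 gw kernel: MANGLE-POST: IN= OUT=eth1 SRC=192.168.0.10 DST=203.0.113.5 LEN=60 TTL=63 ID=4242 DF PROTO=TCP SPT=40001 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 25 09:00:01 gw kernel: NAT-POST: IN= OUT=eth1 SRC=192.168.0.10 DST=203.0.113.5 LEN=60 TTL=63 ID=4242 DF PROTO=TCP SPT=40001 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 25 09:00:02 gw kernel: MANGLE-POST: IN= OUT=eth1 SRC=192.168.0.10 DST=203.0.113.5 LEN=52 TTL=63 ID=4243 DF PROTO=TCP SPT=40001 DPT=25 WINDOW=5840 RES=0x00 ACK URGP=0
Jan 25 09:00:03 gw kernel: MANGLE-POST: IN= OUT=eth1 SRC=192.168.0.10 DST=203.0.113.5 LEN=90 TTL=63 ID=7001 DF PROTO=TCP SPT=40002 DPT=80 WINDOW=5840 RES=0x00 ACK PSH URGP=0
"""

LINE_RE = re.compile(r"kernel: (?P<prefix>[\w-]+): (?P<rest>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}
FLOW_KEYS = ("SRC", "DST", "PROTO", "SPT", "DPT")


def parse(log_text):
    """Return {prefix: {flow: set_of_tcp_flags}} for every LOG line found."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an iptables LOG line with a prefix
        rest = m.group("rest")
        fields = dict(FIELD_RE.findall(rest))
        flow = tuple(fields.get(k, "") for k in FLOW_KEYS)
        # TCP flags appear as bare tokens (SYN, ACK, ...) in LOG output.
        seen[m.group("prefix")][flow] |= TCP_FLAGS & set(rest.split())
    return seen


def missing_from_nat(log_text, mangle="MANGLE-POST", nat="NAT-POST"):
    """Flows logged in mangle POSTROUTING that never show up in nat POSTROUTING."""
    seen = parse(log_text)
    return {flow: sorted(flags) for flow, flags in seen[mangle].items()
            if flow not in seen[nat]}


if __name__ == "__main__":
    for flow, flags in missing_from_nat(SAMPLE_LOG).items():
        print("only in mangle:", flow, "flags:", ",".join(flags))
```

The flag list for each missing flow shows what kind of packets skipped the nat chain, which is the detail to include when reporting the problem.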
