Re: NAT stops working (more)

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Taylor Grant <gtaylor@riverviewtech.net>
To: netfilter@lists.netfilter.org
Subject: Re: NAT stops working (more)
Date: Mon, 25 Apr 2005 21:00:33 -0500	[thread overview]
Message-ID: <426DA0C1.9000004@riverviewtech.net> (raw)
In-Reply-To: <1114466195.28469.9.camel@plasma.starken.com>

Daniel Wittenberg wrote:
> The only ideas people came up with was the conntrack table, but I know
> that's not a problem (I see no errors at all, plus manually checking it
> is fine).  So now I'm wondering how I can debug netfilter itself?
> kernel debugger?  I can see the packets come into the host using
> tcpdump/ethereal, but they don't go out the internal interface, so not
> sure how to "track" the packet within the kernel.  Ideas?
> 
> Thanks,
> Dan

Dan, silly question, but are you sure that your firewall is not somehow interfering with the traffic?  Could you do an iptables dump of the filter, mangle, and nat tables the next time that the traffic exhibits this failure?  If you could post that (scrubbed of sensitive IPs if needed) as well as some of your network config (interfaces and IP addresses, upstream gateways, etc) we might be able to do more for you.  I know that any time that I have had any thing just not work it has usually been a firewall issue.  You say that you are playing with your routing cache, so we might need an output of your routing tables as well, route -n should do the trick unless you are doing any advanced routing.

Grant. . . .

next prev parent reply	other threads:[~2005-04-26  2:00 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-04-25 21:56 NAT stops working (more) Daniel Wittenberg
2005-04-26  2:00 ` Taylor Grant [this message]
2005-04-26 15:25   ` Dan Wittenberg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=426DA0C1.9000004@riverviewtech.net \
    --to=gtaylor@riverviewtech.net \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox