Linux Netfilter discussions
* packets missing/skipping DNAT rules
@ 2006-03-28 22:34 Mr Ritter
From: Mr Ritter @ 2006-03-28 22:34 UTC
  To: netfilter

I have some basic rules in the PREROUTING of *nat that perform a DNAT 
like so:

-A PREROUTING -p tcp --dport 1234 -j DNAT --to 1.2.3.4

However, on a pretty consistent basis this rule fails to be applied and 
I'll see the results of that in the kernel logs like:

Mar 28 15:24:21 hostname IN=eth1 OUT= MAC=<mac addrs> SRC=w.x.y.z 
DST=4.3.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=37514 DF PROTO=TCP 
SPT=3232 DPT=1234 WINDOW=0 RES=0x00 ACK RST URGP=0

The log shows that a small sampling of packets did not apply the DNAT, 
and it is happening enough to notice, I'd say 1 in 100.

Any suggestions on how to troubleshoot and resolve this?

I'm not trying to do anything real fancy, it's a simple dual NIC 
interface, eth0 is private and eth1 public.

TIA

--
Ritter

