Hello, I'm having a very strange problem concerning traceroute and routing and didn't know if lartc or netfilter would be the correct choice for asking. (so sorry if my question is misplaced) I have the following setup: public ip -- gw1 -- 172.16.0.1 --- 172.16.0.2/and public ip's --- gw2 --- switch --users (public and private ip addresses; ip-user-pub) from the internet: Traceroute to a ip-user-pub shows: public ip gw1 --> 172.16.0.2 --> ip-user-pub I tried using SNAT on gw2 so that instead of 172.16.0.2 I would get one of the public ip addresses I have on gw2. It seems that packets with ttl time exceeded in transit get through to the mangle table in POSTROUTING but no longer reach the nat table in POSTROUTING (so they no longer get SNATed). The same thing happens to these kind of icmp packets if I try to SNAT them on gw1. Tcpdump just shows me 172.16.0.2 each time, exitting the public interfaces and the nat rule counter does not increase.. I also tried marking packets in mangle table and then seeing if that same mark reaches the nat table (both done in POSTROUTING) and saw that my mark no longer gets to the nat table. Any ideea what's causing this ? Or how can I make it so that instead of 172.16.0.2 I would get one of gw2's public ip's ? _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
