Hi Guys,

I have been pulling my hair out trying to get to the bottom of this issue.

Traffic comes in my eth1, which is my internet interface, coming from a Cisco router that is also on the same network as my eth1. Traffic needs to go out my eth0 (local LAN) to its default gateway unmodified.

The problem is that the packets arrive in eth1 with source xxx.xxx.xxx.49 (Cisco router) and leave eth0 with a source of xxx.xxx.xxx.50 (my eth1 IP), as shown below.

Can anyone give me some suggestions as to what could be modifying the source address of the packets and how to stop it, please? I am all out of ideas and don't know what to google to get to the source of my problem, as I do not know what it is. I have done lots of googling but nothing helps me.

# tcpdump -ni any host 10.96.11.20
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
15:33:24.698796 IP xxx.xxx.xxx.49.57024 > 10.96.11.20.2055: UDP, length 1464
15:33:24.698827 IP xxx.xxx.xxx.50.57024 > 10.96.11.20.2055: UDP, length 1464

# ip rule list
0: from all lookup local
20: from all to 10.156.170.0/24 lookup main
21: from all to 10.0.0.0/8 lookup main
. . .
32766: from all lookup main
32767: from all lookup default

# ip route list table main
xxx.xxx.xxx.48/28 dev eth1 proto kernel scope link src xxx.xxx.xxx.50
10.156.170.0/24 dev eth0 proto kernel scope link src 10.156.170.100
10.0.0.0/8 via 10.156.170.10 dev eth0
default via xxx.xxx.xxx.49 dev eth1

Firewall

Traffic is ACCEPT through the FORWARD chain.

Confirmation via logging that it is not hitting my SNAT rule for LAN traffic going out over the internet:

$iptables --table nat --append POSTROUTING --source 10.96.11.20 --jump LOG --log-prefix "NAT INMONITOR "
$iptables --table nat --append POSTROUTING --destination 10.96.11.20 --jump LOG --log-prefix "NAT OUTMONITOR "

Regards,
Dan