I'm observing lost packets when a gateway doing NAT also locally hosts a server for DNS or NTP. I believe this is the result of the ambiguous conditions that can exist when routing server-to-server packets coming into the gateway.
I can avoid it by specifying --to-source ports in a SNAT rule for NTP, or with DNAT and --to-destination port to force usage of the gateway's server (which is likely the best solution). I've not tried this on DNS yet, but I expect it will solve the problem as well.
Is this a known situation for these protocols (and similar)? Or am I barking up the wrong tree?
Thanks.
-- Andrew E. Mileski
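The two iptables approaches mentioned in the post above, written out as a script. This is an added example, not code from the original poster: the interface names (eth0/eth1), the LAN prefix 192.168.1.0/24, the gateway's addresses (192.168.1.1 on the LAN, 203.0.113.10 on the WAN) and the SNAT source-port range 40000-50000 are all assumptions chosen for illustration. By default the script only prints the rules it would install; set IPT=iptables and pass "apply" as root to actually load them.

```shell
#!/bin/sh
# Added example (not from the original post): the SNAT --to-source port
# range and the DNAT-to-local-server approaches, as a script.
# Addresses, interfaces and the port range are constructed assumptions.
set -u

LAN_IF=eth1                 # assumed LAN-facing interface
LAN_IP=192.168.1.1          # assumed gateway address on the LAN
LAN_NET=192.168.1.0/24      # assumed LAN prefix
WAN_IF=eth0                 # assumed WAN-facing interface
WAN_IP=203.0.113.10         # assumed public address used for SNAT

# Set IPT=iptables (as root) to really install the rules; the default only
# prints them so the rule set can be inspected first.
IPT="${IPT:-echo iptables}"

# Approach 1: SNAT outbound NTP from the LAN into an explicit high source-port
# range, so a translated client flow never leaves the WAN side with source
# port 123, the port the gateway's own ntpd is using for its traffic.
snat_ntp_rule() {
    echo "-t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -p udp --dport 123 -j SNAT --to-source $WAN_IP:40000-50000"
}

# Approach 2: DNAT LAN clients' NTP and DNS queries to the gateway's own
# servers, so those protocols are answered locally and never need to be
# NATed out to an upstream server at all.
dnat_local_rule() {        # $1 = protocol (udp/tcp), $2 = port
    echo "-t nat -A PREROUTING -i $LAN_IF -s $LAN_NET ! -d $LAN_IP -p $1 --dport $2 -j DNAT --to-destination $LAN_IP:$2"
}

# The complete rule set, one rule per line, in installation order.
rule_set() {
    snat_ntp_rule
    dnat_local_rule udp 123
    dnat_local_rule udp 53
    dnat_local_rule tcp 53
}

# Feed each rule to $IPT; word splitting of $rule is deliberate.
apply_rules() {
    rule_set | while read -r rule; do
        # shellcheck disable=SC2086
        $IPT $rule
    done
}

# Only touch the firewall when explicitly asked to.
case "${1:-}" in
    apply) apply_rules ;;
esac
```

Running `sh gateway-nat.sh apply` prints the four iptables commands; `IPT=iptables sh gateway-nat.sh apply` as root installs them. With the DNAT rules in place the SNAT rule only matters for NTP traffic that still reaches the WAN, for instance from the gateway's own ntpd, which is not matched by the rule because its source is not in $LAN_NET.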