On Tue, Jan 25, 2005 at 10:18:02PM +1100, Gavin Carr wrote:
> Added some logging like so:
>
> # Log mangle POSTROUTING
> $IPT -t mangle -A POSTROUTING -o $EXT -j LOG --log-prefix 'MANGLE POST: '
>
> # Turn on SNAT
> $IPT -t nat -A POSTROUTING -o $EXT -j LOG --log-prefix 'POSTROUTING1: '
> $IPT -t nat -A POSTROUTING -o $EXT -j SNAT --to-source 203.213.47.14
> $IPT -t nat -A POSTROUTING -o $EXT -j LOG --log-prefix 'POSTROUTING2: '
>
> and all I see in the logs for the bad connection is the 'MANGLE POST'
> packets - no 'POSTROUTING1' shows up at all. So it looks like the packets
> are just skipping the nat table altogether somehow?

This does seem to be the core problem - packets are being logged in the
mangle POSTROUTING table, but then not showing up in the nat POSTROUTING
table. Not all packets, though - just these problem ones.

Anyone have any idea how this can happen? All the diagrams I've seen seem
to indicate that mangle and nat postrouting are strictly sequential?

All suggestions gratefully received.

Cheers,
Gavin
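Added example, not code from Gavin's post or from the netfilter project: a small correlator for the two LOG prefixes above. The background fact it leans on is that the nat table is consulted only for the first packet of a connection (and not at all for packets conntrack classifies as INVALID), so packets in the middle of an already-tracked flow will legitimately show up under the mangle POSTROUTING LOG and never under the nat POSTROUTING LOG, even though the two chains are traversed in sequence. One further caveat on the rules as posted: SNAT is a terminating target, so the 'POSTROUTING2' LOG rule after it never fires regardless. The script assumes the stock iptables LOG line layout (kernel: PREFIX IN= OUT= SRC= DST= ... PROTO=TCP SPT= DPT= ... with bare SYN/ACK flag tokens); the log lines, addresses and prefixes are constructed for the example.

```python
"""Correlate iptables LOG lines from the mangle and nat POSTROUTING chains.

For each 5-tuple flow, report whether it was seen under the mangle LOG prefix
but never under the nat LOG prefix, and whether the flow ever showed a SYN.
A flow with no SYN is consistent with netfilter behaviour: the nat table is
consulted only for the first packet of a connection, and never for packets
conntrack marks INVALID, so mid-stream packets skip nat POSTROUTING entirely.
"""
import re
from collections import defaultdict

# Constructed sample kernel log lines (not from the original post).
# Flow A: SYN hits both chains, a later ACK hits only mangle (normal).
# Flow B: only ACKs, only in mangle (mid-stream, nat not consulted).
# Flow C: a SYN that hits mangle but not nat (needs a closer look).
SAMPLE_LOG = """\
Jan 25 22:10:01 gw kernel: MANGLE POST: IN= OUT=eth0 SRC=192.168.1.5 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=100 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 25 22:10:01 gw kernel: POSTROUTING1: IN= OUT=eth0 SRC=192.168.1.5 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=100 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 25 22:10:01 gw kernel: MANGLE POST: IN= OUT=eth0 SRC=192.168.1.5 DST=198.51.100.20 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=101 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=5840 RES=0x00 ACK URGP=0
Jan 25 22:10:05 gw kernel: MANGLE POST: IN= OUT=eth0 SRC=192.168.1.9 DST=203.0.113.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=500 DF PROTO=TCP SPT=51000 DPT=443 WINDOW=5840 RES=0x00 ACK URGP=0
Jan 25 22:10:06 gw kernel: MANGLE POST: IN= OUT=eth0 SRC=192.168.1.9 DST=203.0.113.50 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=501 DF PROTO=TCP SPT=51000 DPT=443 WINDOW=5840 RES=0x00 ACK URGP=0
Jan 25 22:10:09 gw kernel: MANGLE POST: IN= OUT=eth0 SRC=192.168.1.12 DST=203.0.113.80 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=700 DF PROTO=TCP SPT=33000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
"""

LINE_RE = re.compile(r"kernel: (?P<prefix>.*?): (?P<fields>IN=.*)$")
KV_RE = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse(line):
    """Return (prefix, {field: value}, {tcp flags}) or None for non-LOG lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = dict(KV_RE.findall(m.group("fields")))
    # TCP flags are bare tokens in LOG output, not key=value pairs.
    flags = {tok for tok in m.group("fields").split() if tok in TCP_FLAGS}
    return m.group("prefix"), fields, flags


def flows_by_prefix(log_text):
    """Map each LOG prefix to the set of 5-tuples it saw; also flags per flow."""
    seen = defaultdict(set)
    flags_seen = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue
        prefix, f, flags = parsed
        flow = (f.get("PROTO"), f.get("SRC"), f.get("SPT"), f.get("DST"), f.get("DPT"))
        seen[prefix].add(flow)
        flags_seen[flow] |= flags
    return seen, flags_seen


def skipped_nat(log_text, mangle_prefix="MANGLE POST", nat_prefix="POSTROUTING1"):
    """Flows logged under the mangle prefix but never under the nat prefix.

    Returns {flow: verdict}. No SYN for the flow means every packet we saw
    was mid-stream (or INVALID to conntrack), which the nat table never
    evaluates. A flow whose SYN reached mangle but not nat is the case that
    actually warrants digging into the nat chain and conntrack state.
    """
    seen, flags_seen = flows_by_prefix(log_text)
    verdicts = {}
    for flow in sorted(seen[mangle_prefix] - seen[nat_prefix]):
        if "SYN" in flags_seen[flow]:
            verdicts[flow] = "SYN reached mangle but not nat: inspect nat chain and conntrack"
        else:
            verdicts[flow] = "no SYN seen: mid-stream or INVALID packets, nat table not consulted"
    return verdicts


if __name__ == "__main__":
    for flow, verdict in skipped_nat(SAMPLE_LOG).items():
        print(f"{flow[0]} {flow[1]}:{flow[2]} -> {flow[3]}:{flow[4]}  {verdict}")
```

Run it against `grep 'POST' /var/log/kern.log` style output instead of the constructed sample; a flow in the first category is worth checking with `cat /proc/net/ip_conntrack` to see whether the kernel already holds a tracked entry for it, since an existing entry is exactly what makes later packets bypass nat.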