Hmm, could it be that your conntrack table is full (if you use it, of course)? Check your syslog for conntrack messages; maybe that could be a reason.

Greetings,
Matthias Baake

-----Original Message-----
From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Daniel Wittenberg
Sent: Wednesday, April 20, 2005 4:50 PM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: NAT stops working

We've got a high-speed wireless and DSL connection, so I decided to try and load-balance the outgoing connections. I run a little script that does:

    route flush scope global
    route flush cache
    route add default scope global equalize nexthop via <external gw 1> dev eth0 weight 1 nexthop via <external gw 2> dev eth1

This appears to work for a while, then incoming connections stop getting nat'd to their internal addresses. I reboot or reset the firewall (flush all the tables and re-run this script) and things are good again for a while. I tried flooding some of the external IPs that are nat'd, and it seems like after a certain amount of traffic the NAT just stops working. tcpdump shows traffic on the external interface coming in, but not going out anywhere.

Anyone have ideas on how to debug this further or things to check?

Thanks,
Dan
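
The check suggested in the reply, written out as an added example that is not part of the original thread. It assumes the kernel's `ip_conntrack`/`nf_conntrack` "table full, dropping packet" log message and the count/max files under /proc/sys/net; the function names, log lines and numbers are constructed for illustration.

```shell
#!/bin/sh
# Added example: is the connection-tracking table full?

# Print table usage as an integer percentage, given the count and max files.
# Returns 2 if either file is unreadable or max is not a positive number.
conntrack_usage_pct() {
    count_file=$1; max_file=$2
    [ -r "$count_file" ] && [ -r "$max_file" ] || return 2
    count=$(cat "$count_file"); max=$(cat "$max_file")
    [ "$max" -gt 0 ] 2>/dev/null || return 2
    echo $(( count * 100 / max ))
}

# Count kernel "table full" messages in a log file (0 if none are found).
conntrack_full_events() {
    grep -Ec '(ip|nf)_conntrack: table full, dropping packet' "$1" || :
}

# Report usage on the running system; covers the newer nf_conntrack and the
# older ip_conntrack sysctl locations, and prints nothing if neither exists.
conntrack_live() {
    for f in /proc/sys/net/netfilter/nf_conntrack \
             /proc/sys/net/ipv4/netfilter/ip_conntrack; do
        if pct=$(conntrack_usage_pct "${f}_count" "${f}_max"); then
            echo "live table: ${pct}% of $(cat "${f}_max") entries in use"
        fi
    done
}

# Demo on constructed data: a table at its limit and matching syslog lines.
demo_dir=$(mktemp -d)
printf '%s\n' \
    'Apr 20 16:41:02 fw kernel: ip_conntrack: table full, dropping packet.' \
    'Apr 20 16:41:02 fw kernel: printk: 12 messages suppressed.' \
    'Apr 20 16:41:07 fw kernel: ip_conntrack: table full, dropping packet.' \
    > "$demo_dir/syslog"
echo 65536 > "$demo_dir/count"
echo 65536 > "$demo_dir/max"
echo "sample table: $(conntrack_usage_pct "$demo_dir/count" "$demo_dir/max")% in use"
echo "sample log: $(conntrack_full_events "$demo_dir/syslog") table-full events"
rm -rf "$demo_dir"
conntrack_live
```

A count at or near the maximum together with "table full" lines in the log points to conntrack exhaustion; a low count with no such lines rules it out.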