On Wednesday 31 December 1969 18:59, netfilter-request@xxxxxxxxxxxxxxxxxxx wrote:

> I'm going to presume that the different subnets from your eth1 and your
> iptables rule 172.27.1.0/30 vs 172.27.0.0/30 was a typo.

I'm going to presume you saying 172.27.1.0/30 vs 172.27.0.0/30 was a typo. ; )

I'm lazy in the code that generates these rules and I just use ip/mask. iptables seems to be intelligent enough to round down to the network address. It does seem to work....

# /sbin/iptables -t nat -I POSTROUTING -o eth1 -d 172.27.0.2/255.255.255.252 \
    -j SNAT --to-source 172.27.0.2
# iptables -t nat -L -n
...
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  0.0.0.0/0            172.27.0.0/30       to:172.27.0.2

> I'm not sure what to say. I'm at a loss as to what might be causing
> problems. At this point I would start sniffing as much traffic as I could
> on all the networks going in and out of devices that you are working with.
> What you are trying to do looks reasonable to me. I don't see any
> inherent flaws in what you are trying to do. But that is just my eyes, see
> what the rest of the list has to say.

Well I will see if adding a 'clamp-mss-to-pmtu' rule makes any difference. Beyond that the next step is to build a unit and XP box and leave them connected a few days until problems start. If problems start. I've yet to see these issues in-shop at all.

Dave