Sébastien Bernard a écrit :
Hi, I got a real big headache. My DSL provider a few ago upgraded my line and for this changed the BAS my box used to connect with. I had to reconfigure the ppp configuration. Before, I was using : pty "/usr/sbin/pppoe -I eth0 -T 80 -m 1452" It ceased working. The new configuration is using the rp-pppoe.so plugin as : plugin /usr/lib/pppd/2.4.3/rp-pppoe.so Since this modification, I'm not able to do any NAT or MASQUERADE with my gateway. My network architecture is : Private lan (192.168.x.x) => GW (public fixed address) => DSl Modem => Internet When any machine on the private LAN try make a connection to an outside address, the connection made is ok. The three-way handshake is OK with the packets correctly NATED. When the outside peer tries to send data to the internal peer, the Gateway sends a reset back to it without breaking the connection inside of course. It looks like the netfilters didn't accept the incoming packets with payload as part of the nated connection. I had a look to the ip_conntrak connection and the faulty connection is correctly tracked, with an entry. I don't really understand what is happenning. The configuration is nothing special and could resumed as : iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to-source <public address> This was working before and I didn't touch anything to the configuration but the public address that changed when I moved to a speedier DSL line. If anyone could propose an explaination ... Seb
I figured out the problem. NAT is not working with the rp-pppoe.so plugin. I moved back to the pty "/usr/sbin/pppoe -I eth0 -T 80 -m 1452" Which worked now (go figure...). And NAT is working again. Any reason for this ?
