Anyone with ideas how to troubleshoot this problem? I'm up for anything, it's getting really annoying.

Robert LeBlanc
BioAg Computer Support
Brigham Young University
(801)422-1882
leblanc@xxxxxxx

> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Robert LeBlanc
> Sent: Wednesday, October 18, 2006 8:13 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: IPtables and bridge interface
>
> Hi all,
>
> I'm having a problem with my new gateway set-up and I'm not sure where
> to start with the troubleshooting. I set up a gateway with two NICs in
> bridge mode to allow for my public IP addresses to pass straight through
> and then set up two virtual addresses on the bridge interface to NAT the
> remainder of the machines on my network, but still keep them in
> differing collision domains. The problem that I see is that Internet
> connectivity is sporadic at best. The connection will stay up for a
> minute or so, then go down for 5-60 seconds and then come back up. The
> odd thing is that machines with public addresses never see this problem,
> only the ones behind the NAT. I am running Debian Etch with kernel
>
> Linux debian 2.6.16-2-686 #1 Fri Aug 18 19:01:49 UTC 2006 i686 GNU/Linux
>
> I've also tried the 2.6.17-2-686 kernel with the same results. My
> iptables script is pretty bare:
>
> #! /bin/bash
>
> modprobe ip_conntrack_ftp iptables_nat iptables_mangle ip_nat_ftp
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> iptables -t nat -F
>
> iptables --out-interface br0 -t nat -A POSTROUTING -s 192.168.1.0/22 -j SNAT --to EXTERNALIP
>
> I had two iptables rules before, one for each subnet, but combined them
> into one rule to see if that would help, but no luck. Can anyone point
> me to how to get debug information from iptables or what I might try to
> remedy this problem?
>
> Thank you,
> Robert LeBlanc